With the coronavirus outbreak forcing millions of people to swap their offices for their homes, the dynamic of the global workforce has changed dramatically in just a few short weeks. Fortunately, developments in technology have made the switch from the office to working from home a fairly painless process. However, remote working is not without its risks.
The increasing number of devices being used outside the office can potentially make businesses vulnerable to viruses as their network’s attack surface widens. As a result, cyberattacks and data breaches are likely to become common occurrences in the following months unless steps are taken to reduce unnecessary risks.
So, what can SMBs do to avoid security breaches and allow work to resume as normally as possible?
Train your employees regularly
More often than not, cyberattacks and data breaches are caused by simple human error rather than savvy hackers making their way into your network perimeter. In fact, 60% of cyberattacks on UK businesses in 2019 were the result of human error. Taking steps to educate employees on ways to reduce risks and keep data safe is a sure way to help prevent breaches that could damage relationships with clients and customers and have a catastrophic impact on your business.
Making sure employees know about the risks of opening suspicious email attachments, as well as how to set up strong passwords and multi-factor authentication, can make all the difference to the strength of your cybersecurity.
The abundance of video calling and chat programmes available should make this easy, even when your employees are working from home. Invite everyone who works for your business to regular training sessions so that every employee fully understands how best to avoid attacks and, if one occurs, who they should go to in order to help resolve the issue.
While training and new policies can help to minimise risks, accidents can still happen. Another simple measure that can help is to closely monitor access permissions.
If an employee’s account were to be hacked, having their access limited only to the documents they need for their tasks can help to keep more sensitive data out of the grasp of those trying to steal it.
While it might be tempting to hand out admin privileges based on seniority, limiting access rights is a fast and simple way to improve security. Every account with a high access level should also be regularly assessed to ensure that the user really needs that level of visibility. For example, Directors may need visibility on certain documents, but do they need access to absolutely everything on a daily basis? Probably not. This makes their account an unnecessary addition to the attack surface.
Similar consideration should be given to the access levels provided to third parties, contractors and former employees to ensure that users who no longer require access have their permissions revoked or reduced as soon as possible.
Setting out policies regarding your endpoint security will help ensure that employees take their conduct online seriously. These policies don’t have to be drastic. In fact, a few small, simple switches can make all the difference to your cybersecurity.
An important policy you might want to enforce is the requirement to update devices regularly. Although this is often seen as a hassle, devices that are running outdated software are usually the ones that end up suffering from attacks, as hackers make use of their known vulnerabilities. Whilst company devices may be set up to update software automatically, employees using their own devices should be especially wary of falling into the habit of not updating regularly.
Another issue to tackle is the use of weak passwords and password recycling across accounts. With research showing 83% of Americans use weak passwords such as their own name, hackers are constantly being given an easy way into our devices. On top of this, 59% of people use the same password on every one of their accounts, making it even easier for hackers to gain access to every single one of a victim’s accounts, even if just one is compromised.
Using a password manager is the best way to prevent these mistakes from occurring whilst providing convenience for your employees. These tools allow you to store passwords for multiple accounts, which users can then access using just one password.
Stay up to date
Even after these steps are taken, cyberattacks and data breaches can still occur. It is therefore important to keep your response strategy up to date so that, if an attack should take place, its spread is minimised as much as possible.
Whilst the best way to avoid cyberattacks and data breaches is to work on your prevention tactics, it is always useful to have a plan in place in case things go wrong. How do you plan on informing clients and customers affected by the breach? Who in your organisation will be responsible for resolving the issues? Reviewing these responses regularly and keeping your employees informed of any changes is essential to prevent panic and deliver a measured response in the case of an attack.
Informing your employees about any changes to your endpoint security software is also a useful step to take in order to prevent confusion. With the huge lifestyle changes we have undergone in the past few weeks, it is easy to forget about important things such as cybersecurity when working from home. Keeping employees up to date on how to utilise this software will act as a reminder of its importance, keeping eager hackers at bay.
Undergoing the shift to remote working is unlikely to be easy on any business. However, making use of modern technology to keep in touch with your employees and making sure they are aware of the risks of attacks and data breaches will help prevent any unnecessary disasters taking place.