By Luke Mead, CEO, LMS Group
Hackers are ingenious; they are forever developing new ways to get in and constantly creating new malware, phishing mechanisms and spoofing. But, like most criminals, they prefer softer targets and will always seek out the path of least resistance.
So, quite rightly, amending security policies has been a major consideration for businesses during 2020. People are working from home and businesses have been asking them to use their own devices, or staff have wanted to do so. This is perfectly okay, providing a business has a clear policy for Bring Your Own Device (BYOD) and strong technical controls in place so that company data is not left vulnerable.
Businesses that had clear IT policies sailed into working from home and have actually realised they can be more productive and cost efficient by embracing it. If you can access all of your key company systems securely, communicate with colleagues and customers and start new projects while at home, then working from home is great.
Here are five key ways you can keep the hackers at bay and create a secure home working environment for 2020 and beyond.
Embrace cloud technology
Cloud technology totally changed the game for companies because now it’s entirely possible to create an office anywhere. It’s zero-touch and everything can be accessed remotely, so onboarding staff members and adding new customers or suppliers can all be done without travel. However, many organisations are led to believe that security is already in place when a cloud service is first set up, which is often not the case.
Cloud technology can be very secure, as long as you have some key controls in place. For instance, all devices need to be registered and enrolled, so only company-approved devices and approved users can access the system. Also, limit the number of devices people use so they can only use one laptop and one mobile each. Location controls should be put in place so only those in the UK can get in – this removes the threat of the majority of the world’s hackers.
Develop the right controls for your business and data
Cloud technology means we have the power to work from anywhere but, in truth, no one actually needs to work from ‘anywhere’. It often makes sense for businesses to put in place geographic controls which, for instance, make it so that only people in the UK, or places where staff are located, can access their systems.
It’s also important to control user access and the devices they use to log in to your systems. Most cyber breaches originate from countries outside the UK, so access should always be locked down, ideally at device level, or at a geographical level where device-level access controls aren’t possible.
Furthermore, multi-factor authentication is a must for any business because basic password-only authentication provides no defence against sophisticated phishing attacks.
Use the ‘rule of one’
When people are working from home, everyone should have one laptop and one mobile, and those should be their sole devices. They should also be the only users of those devices. You can allow personal devices (Bring Your Own Device) to be used, but if these are unregulated and able to access company systems and data such as email, then you’ve got a potential breach on your hands.
People download their own apps, which can contain malware, their kids borrow their devices to play games made by developers all across the world, and these all offer hackers back doors to your company’s data. During lockdown, many businesses decided it was time to issue staff work devices and, generally, that was a good move in terms of security. Always put in place mobile application management wherever technically possible.
Contain your data
It’s key you know where all of your data is so that everyone in your team can access it and it can be kept safe. Some businesses have data siloed in a variety of places and this makes secure working from home harder and less manageable.
Ideally, you want your staff members to be able to log in once by using a single sign-on and then access everything they need from their device. Access to systems can be limited to working hours, location, user and device. Data is the new oil, so make sure you know where you’re keeping your reserves and where your pipes are going.
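The controls described in this article (enrolled devices only, one laptop and one mobile per person, UK-only location, working hours and multi-factor authentication) can be combined into a single sign-in decision. The sketch below is an added example, not code from the article or from any product; the names `DeviceRegistry`, `enrol` and `evaluate`, the 08:00 to 18:00 working hours and the device IDs are hypothetical, and the country code is assumed to be supplied by your identity provider.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

ALLOWED_COUNTRIES = {"GB"}                       # assumption: all staff are UK-based
WORK_START, WORK_END = time(8, 0), time(18, 0)   # assumption: example working hours
DEVICE_SLOTS = ("laptop", "mobile")              # "rule of one": one of each per user

@dataclass
class DeviceRegistry:
    enrolled: dict = field(default_factory=dict)  # user -> {device_type: device_id}

    def enrol(self, user, device_type, device_id):
        """Register a device; refuse unknown types, a second device of a type, or a shared device."""
        slots = self.enrolled.setdefault(user, {})
        if device_type not in DEVICE_SLOTS or device_type in slots:
            return False
        if any(device_id in s.values() for u, s in self.enrolled.items() if u != user):
            return False  # each device has exactly one user
        slots[device_type] = device_id
        return True

    def owns(self, user, device_id):
        return device_id in self.enrolled.get(user, {}).values()

def evaluate(registry, user, device_id, country, when, mfa_passed):
    """Return (allowed, reasons) for one sign-in attempt; every failed control is listed."""
    reasons = []
    if not registry.owns(user, device_id):
        reasons.append("device not enrolled for this user")
    if country not in ALLOWED_COUNTRIES:
        reasons.append("location outside allowed countries")
    if not (WORK_START <= when.time() <= WORK_END):
        reasons.append("outside working hours")
    if not mfa_passed:
        reasons.append("MFA not completed")
    return (not reasons, reasons)

if __name__ == "__main__":
    reg = DeviceRegistry()
    reg.enrol("alice", "laptop", "LT-001")   # constructed sample data
    reg.enrol("alice", "mobile", "MB-001")
    print(evaluate(reg, "alice", "LT-001", "GB", datetime(2020, 11, 2, 10, 0), True))
    print(evaluate(reg, "alice", "LT-999", "FR", datetime(2020, 11, 2, 23, 0), False))
```

Returning every failed control, not just the first, gives the help desk and the audit log the full reason a sign-in was refused.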
Never compromise on security
There are costs associated with cyber security, but they are usually manageable. However, the costs of a major data breach or a ransomware attack, to both the finances of your business and your reputation, are not.
Staff working from home are now being seen as soft targets, but they don’t have to be. Never compromise on security, develop clear policies, spend what is necessary and keep the hackers out.