Homeworking and the importance of cybersecurity risk management
Having staff working remotely has presented significant challenges for many businesses, but one of the most difficult to address is the increased cybersecurity risk. As many companies did not have sufficient opportunity to prepare for the transition to homeworking, they may not have identified potential cybersecurity issues. Moreover, it is now much harder to monitor staff and ensure they are following safe practices.
Cybercriminals have wasted no time in exploiting these weaknesses, and businesses are encountering threats regularly. Here we look at the cybersecurity risks that homeworking may present to your business and, most importantly, how you can mitigate them.
What are the most common cybersecurity risks?
Homeworking raises numerous cybersecurity risks, and it is more important than ever for businesses to recognise these. Some of the most common risks include:
Data protection is a serious concern for businesses with homeworkers. An alarmingly high number of employees who work with sensitive data do not take adequate steps to destroy documents appropriately, or to avoid disposing of them in outside bins, where anyone might access them.
Likewise, unwittingly downloading contaminated files or software can infect devices with dangerous malware, including viruses, spyware and ransomware, and leave data vulnerable. This is a particular risk if employees use a personal computer for work since there is a greater chance of exposure.
Phishing attacks try to trick people into downloading malware or revealing sensitive information, like passwords. Often, they take the form of emails, text messages or phone calls purporting to be from well-known organisations that their victim is likely to recognise. Without proper awareness of the risks of phishing, employees can easily fall foul of these schemes.
Whilst phishing attacks are usually mass campaigns sent in the hopes of obtaining personal information, some might target your business to steal sensitive data. These attacks are often referred to as spear phishing as they are tailored to catch your employees. For instance, workers could receive emails allegedly from the company’s administration, asking them to reset their password, and even WhatsApp messages claiming to be from the CEO.
How to minimise the risks to your business
There are many simple steps that you can take to protect your business from cybersecurity risks:
Provide employees with a dedicated work laptop
Giving employees a work laptop (and having them follow Company rules on its appropriate use) makes it less likely that they will visit risky websites on the same device that holds their work data. Doing this also means that you can have appropriate malware protection installed.
Set up a remote access VPN (Virtual Private Network) for employees to use
A VPN creates encrypted connections between remote computers and your company servers, ensuring privacy and security.
Educate your staff
Having a keen awareness of cybersecurity risks will help your employees guard against threats. Ensure your staff have proper and up-to-date guidance on how to dispose of sensitive data, create strong passwords and recognise phishing attacks. Ideally, create a policy that contains this information, and review it regularly to ensure it is relevant and kept up to date. Make sure they know who to reach out to for help and encourage them to do so. Where a risk is created through an employee's negligence or non-compliance with Company rules, ensure you have appropriate internal mechanisms in place for dealing with that, such as a policy which details the expectations of staff and the potential consequences if they fail to follow these, which could include invoking disciplinary procedures.
Test your backup
Check that you will be able to recover data if your business is exposed to a threat. Having risk assessments and backup plans in place should help mitigate the effects of a cyber-attack. Taking these steps will also be relevant in demonstrating your attempts to keep the business secure if you ever find yourself in the position of having to report to the Information Commissioner's Office about a data breach.
Conduct regular cybersecurity risk assessments
Threats are constantly evolving, and it is crucial to keep on top of them. Frequently reviewing your business’s vulnerabilities will help you stay one step ahead.
If you require any assistance or advice, please do not hesitate to contact a member of our Employment Law team.