By Scott Lester, Cyber Lab Manager, 6point6
Cyber security is at its most important in times of change. There are currently masses of people working from home under unprecedented circumstances. Owners of SME businesses now face the challenge of maintaining their organisation's cyber security, as their IT-dependent employees log on to keep the engine running remotely. While the unfamiliar environment presents weaknesses, there are clear steps that companies can take to sure-up their defences for the future.
- Layer your security
One-step log-in procedures leave the employee and the business vulnerable to attack – multi-factor authentication (MFA) is the answer. MFA requires users to verify their identity via an additional piece of information, such as a one-time code, prior to logging in. By adding or enabling this extra phase of security to any application or platform that workers use, your system is protected against cyber attackers who target passwords.
A password manager can bolster this protection. By creating unique credentials for each log in, the logins and passwords are stored and encrypted in a virtual safe. This obstructs cyber criminals from sharing or saving log-in details.
For newer SMEs and start-ups seeking cost-effective security solutions, these products should be the first port-of-call. Many online tools and services often include MFA as a part of their package. Both options are friendly to smaller budgets, and work to dilute the risk of employees being hacked, therefore sustaining the business's security.
- Tighten-up video calls
Third-party invasion of video conferencing calls has been an unfortunate and well-publicised trend during the current lockdown. Considered security procedures should be implemented in order to protect meetings from gate-crashers.
When hosting video conferencing calls, the meeting must be kept strictly in the knowledge of attendees only, and a password should be created for entry. The meeting's organiser can also take a register of who joins the call, and then monitor who is present throughout.
Company security is also protected by guaranteeing only work-approved devices with correct software are used to access conferencing calls.
- Ensure network security
Businesses can set a Virtual Private Network (VPN) in place to improve their blanket security. If employees work using a VPN with correct encapsulation and authentication systems, the data they are working with is less at-risk.
Employee vigilance is equally important, staff can boost an organisation's and their own security from their own home by changing their router passwords to not use default values. They should also conduct a virus scan of their device's software to check everything is updated and has sufficient protection.
- Make the workforce aware of cyber threats
Employees must also be made aware of the threats, and how cyber criminals will look to exploit businesses at this uncertain time. Cyber security awareness training can help workers identify when they are being targeted, and makes them more familiar with internal security reporting procedures.
It is crucial that businesses communicate with their staff and update them on cybersecurity policy and best practice. Remote working requires Acceptable Usage Policies and BYOD equipment to be as secure as possible, organisations should ensure they have addressed this in a way that allows staff to help themselves as much as possible.
- Streamline your IT demands
The chaotic nature of this unusual situation means an organisation's IT team will be receiving some heavy traffic. This is to be expected, there are numerous technical hurdles to negotiate when facilitating a transition to remote working. This also makes IT teams more essential than ever to the smooth running of a business. A company can ease any complications by holding back on unreasonable requests. Companies should look to install a refined process for staff contacting the IT team, for example: categorising queries by their urgency and mediating their flow to the team. If the entire workforce subscribes to a system like this, the IT team will be better placed to perform its crucial function.
It is also important to avoid pressuring the IT team to compromise on security measures in favour of practicality. When IT professionals resist a proposal or request, this will be backed-up with sage reasoning, and they need to be trusted.
- Understand the perils of WFH
The COVID19 crisis has placed people on unfamiliar ground. Indefinite remote working makes it difficult to balance work and personal time. It makes it more difficult than usual for staff to switch off from their job. Business leaders should be understanding that systems of collaboration won't be as immediate in the current climate, as staff adapt to this new working environment. Embracing a flexible culture and anticipating that employees could be balancing issues outside of their job is important in this chapter.
It all boils down to teamwork. Pulling together and supporting each other is critical as companies attempt to navigate the complications of the global pandemic. Organisations can move to protect their futures by trusting their IT teams, empowering them to introduce policies that create security and vigilance across the entire workforce. Combine this with installing effective cybersecurity solutions, and a business is set to thrive in this unfamiliar landscape.