The fight against the spread of coronavirus and the recently introduced lockdown measures forced businesses to implement remote working where possible, in order to guarantee continuity of daily operations.
Whilst some companies are used to this way of working, they know the best practices related to remote work and own the means necessary to implement it on a large scale, others (such as micro, small and medium businesses) are not well–equipped to deal with this new situation. As a result, they find themselves completely lost. What is more, they may experience cybersecurity issues and are more vulnerable to cyberattacks.
Indeed, remote work is not risk-free. In order to avoid issues regarding data security, here are a few tips and precautions you should take.
Risks linked to remote working
Cybercriminals never sleep. It’s no wonder that with the COVID-19 outbreak and the popularization of remote work model that followed, the European Union Agency for Cyber Security announced an increase in the number of reported cyberattacks (mostly in the form of phishing through coronavirus related emails).
Studies by Symantec have revealed that 86% of surveyed employees use their personal devices for professional activity and 42% of them do not update regularly their antivirus and safety systems. The development of remote work, if inadequately implemented, may cause real security problems for businesses, such as:
- Loss or leakage of data,
- Contamination of the company system due to a security breach into an employee’s device (or vice versa).
The higher the number of remote workers in the company, the higher the chances of experiencing cyberattack attempts. In order to minimize the risk, businesses should put in place concrete measures and relevant technical solutions.
Use enterprise owned computers
In order to ensure the most secure conditions of remote work, your employees should avoid using their personal IT devices to perform professional tasks.
In fact, to guarantee data security, it is necessary that remote workers use enterprise owned computers which are already equipped with security software and essential protections. A personal computer, even if with an antivirus installed, will not be able to withstand powerful cyberattacks and may jeopardize company data.
- Train your employees on the risks imposed by cyber crime
Make sure that your employees know how to recognize cyberattacks and how to react to them: raise their awareness of the dangers of the cybercrime, potential forms of attack (ransomware, phishing, viruses) and their consequences.
Train your employees to develop good habits and draw their attention to behaviours that should be avoided (opening an email form or downloading an attachment from an unknown sender etc.).
Double your vigilance
In the current situation, you remotely working collaborators should double their vigilance, namely with regard to emails that they receive, even if they seem to come from a known source as they might be tools of/for phishing.
- If possible, verify authenticity of messages by contacting the sender directly (in person, over the phone …)
- Do not click on any links or download attachments if you don’t know the sender of the message or if you are hesitant about its content,
- Be wary of emails from people who you don’t know, always try to verify information through other means.
- Same with emails asking you to take immediate action under the threat of serious consequences – for example: a bank asking you to update your details or else your account will be suspended.
- Stay equally vigilant with regard to emails from people who you do know (clients, suppliers, partners etc.) but who ask you for unusual things (“I am in a difficult situation and I need money.”); in such cases, contact the sender directly to clarify the situation.
Use secure tools
To hedge against the increase in cybercrime, make use of security tools. These days, there are more and more solutions that guarantee security, confidentiality and sovereignty of data available on the market. Project management solution Wimi and its secure extension Wimi Armoured are good examples.
This type of software enables you to encourage collaboration of your teams no matter if they are working at the same premises or remotely thanks to such functions as instant messaging, a drive that share all types of documents, shared agendas etc. Yet, its main advantage is its high level of security achieved thanks to the use of end-to-end encryption, multi-factor and multi-device authentication and data hosting in France.
Advice to follow:
Due to this unforeseeable situation caused by COVID-19, European Network and Information Security Agency demand all remote workers to follow their advice:
- Make sure that your Wi-Fi connection is secure and password protected. Should it/this not be the case, everyone in your surroundings, for example your neighbours, will be able to connect to your network.
- Regularly update your antivirus software.
- Multiple tools and types of software that protect data are available (for example web browser extensions). Make sure that they are up to date and that you have downloaded the newest versions.
- Regularly backup your most important files. If you fall a victim to ransomware, you might lose all data that was not backed up.
- If you work in a co-working space (which is not recommended in the current situation), do not forget to lock your screen.
- Make sure that you are connecting to your work environment through a secure connection.
- Install encryption tools if you do not have them yet.
European Network and Information Security Agency recommends that employers put in place the following measures:
- Provide their remote workers with a procedure to follow in case of security-related issues: a list of contacts, steps to follow etc.
- Put in place assistance in the event of a security incident
- Provide secure work tools that use data encryption and multi-factor authentication,
- Make sure that employees change their passwords regularly and advise them to choose a strong password.
- Limit access to sensitive systems and strongly protect the most confidential data.
