Working from home provides a lot of opportunities for flexibility, and can make it easier for a team to balance their home and work life. However, having employees take their work home can lead to multiple vulnerabilities being introduced just by the virtue of not being in the office.
So how do you make sure that your team stays protected while dealing with company data? Here are a few simple ways to get started with at-home cybersecurity.
Combat the loss of physical security
One of the most obvious risks that comes with working outside of the normal workplace is the loss of physical security measures. This is often overlooked as an element of cyber security, but is a vital part of the process. After all, even if you have state-of-the-art firewalls and encryption, it doesn’t prevent much if someone can simply walk into a building and plug in their own drive to steal data.
Typically, a commercial office where data is stored is equipped with multiple levels of physical security – from a manned reception or lobby to door passes held by staff. These all act as barriers to a potential security breach.
Of course, a commercial office is far more likely to be a target for physical data theft, but it’s worth reminding employees that they should be observant of their own physical security while working remotely. For instance, work devices should be safely stored out of sight when not in use, whether in the home or travelling.
If they’re working out of the home, such as in a coffee shop, they should be reminded never to leave work devices (laptops, mobile phones) unsupervised at any point. Many physical data thefts are committed by opportunists, and the easiest way to avoid these is to minimise opportunity by ensuring their devices are always under their control.
As well as this, you and your team should bear in mind what is visible from behind you while you work outside of the home or office. Work-related information – especially sensitive information about customers or other employees – should never be left open on the screen when not in use. This minimises the risk that unauthorised people see information that they shouldn’t. We recommend you also make sure to lock your device when you’re not looking at the screen.
Securing your home network
Working from home involves using your home network to connect to the internet – who knew? But while you likely use that network every day for personal use, when you begin using it for work data, there’s a certain amount of responsibility you and your team need to take with your own wifi.
Firstly, if connecting wirelessly, you’ll need to make sure your network is encrypted with a password – this tends to be in place by default, but some people remove it if there are lots of devices that need to connect. However, to ensure the traffic is not easily intercepted, adding a password is a must.
To add to this, ask your team to try and think about who might have access to their wifi password. If that includes anyone who they don’t know well, or if they’re dealing with especially sensitive information, it’s best to change the password of their wifi network to make sure that you control who can access it. And it shouldn’t just be a token password either – choosing a secure password is vital.
While attacks like these are highly unlikely on a home network, ensuring your wifi is encrypted is a good habit to get into.
Using a VPN
While many remote workers usually work in their own home, this isn’t always the case. Trains, coffee shops and coworking facilities are all often-used locations for remote working.
While you have control over the security of your home network, if you’re working in a space outside of the home, this generally means you’ll be connecting to a public wifi network. As these connections are not encrypted, you have none of the protection you would usually get at home.
Therefore, you and your team should begin using a VPN – especially when you’re on a public network, but you could argue their use anywhere. VPN stands for virtual private network. They create a separate, private network on a public internet connection, which you can use to prevent others on that network from seeing your traffic.
You may find that your company has already put a VPN in place – some work devices only allow for a connection to the internet through a VPN, or only allow access to company data while using their VPN. If this is the case, this will be set up for you. If you believe you should be using a VPN to access the internet in a public place, there are many available from online providers for a low fee. Ask your employer if this would be suitable.
Ensure employee cyber security training
The most important tool in the fight against cyber threats is ensuring awareness of the risks. Just knowing where and how hackers may try to access data is a key step in preventing those attempts from being successful.
For this reason, employers should make sure to educate their staff in the most common cyber security attacks if they’re anticipating a need to work remotely. Outside of an office network, many of the network-based measures used to prevent attacks (such as link monitoring, activity logs and firewalls) are missing, so human intervention is needed to prevent these instead.
As well as training and education on the possible threats, employees should know who to contact if a work device is stolen or lost. The quicker they can report this, the less likely it is that it will lead to a data breach. This should be done in a blame-free way, to avoid employees being inclined to hide when this has happened.
Cyber security is an ever-evolving threat, and it can be worrying when confidential, sensitive, or critical data is taken outside of a secure workplace. But with remote working becoming more and more prevalent, it pays off to ensure your data security is as good as it can be. These tips should provide a good foundation to preventing data being lost.
If you want somewhere to keep your team’s data while you’re all out of the office, try Nextcloud on a flexible Cloud Server. Nextcloud gives you a hub to store documents, calendars, contacts and other data from your team in our UK data centres. Equipped with anti-virus software, it makes it easy to ensure your data is controlled and secure no matter where you are.