By Bruce Penson, Managing Director at Pro Drive IT
Most business IT systems weren’t designed for everyone to be working from home at the same time — yet that is exactly what is happening right now across the country.
In the rush to keep businesses operational, systems have been hastily scaled up to get people working remotely, without a second thought given to security.
Unsurprisingly, cyber criminals have pounced on this open treasure box. Already, we have seen an increase in various types of attacks — from Office 365 breaches and phishing attempts to large-scale ransomware attacks.
These are all substantial threats in normal circumstances, but when your business is already stretched to the max, they could be just the thing to push you off the brink.
Let’s take a look at some of the critical threats to look out for…
Insecure video conferencing
If you weren’t familiar with Zoom and Microsoft Teams before, we bet you are now. With everyone working from home, video conferencing has become the new norm.
However, these applications aren’t without security issues. Over the past few weeks, we’ve seen plenty of reports of hackers infiltrating online meetings and using them to steal information.
To stay secure on Zoom, make sure to set up a business account for employees to use and ensure they always schedule an event with a new random ID (rather than their personal meeting ID). Features such as the ‘waiting room’, ‘host-only screen sharing’ and password-protected meetings also help to maintain security.
Teams is far more than just a video meeting solution, and there are a complex set of security requirements to consider. By default, the app offers very little security. This means people will be able to run Teams from any location or device they like and upload and download files from any of these devices.
Are you twitching at the thought of the potential GDPR nightmare here? Fortunately, all of this can be changed in the settings.
With any video call, it’s also important to be aware of what is on display in the background. In Zoom, you can add a virtual background, while Teams allows you to blur the background. These features should always be used to shield users’ homes from prying eyes.
Vulnerable home networks
Then you have the home network issues to contend with, too. Most home networks are not managed by an IT professional and do not have the same controls as a business network.
Broadband hubs typically come with set usernames and passwords. Some are a little harder to crack than others, but either way, chances are they’ll still be using the exact same ones as the day they were delivered!
Your employees’ homes will likely also have many devices either hard wired to their network or connected by wireless. Often, these devices will have a simple or default password. And while modern smart devices will usually update their software automatically, many older ones won’t. This could leave the devices and the network they’re connected to vulnerable — as well as your business!
Home computers also tend to lack the most basic yet essential security measures. If there is malware on an employee’s home computer and it’s on the same network as their work computer, this could potentially compromise your business. This is why it’s essential to have good quality, paid for (free is free for a reason!) antivirus software on all computers running on the same network.
A simple way to help get around these issues is to set up a business-managed wireless access point for staff to connect to and create a ‘virtual’ network, which will remain separate from the rest of their home.
Because work computers are being used in a non-secure network, you also need to ensure all data being transmitted to and from the device is encrypted. To do this, you need a VPN. Hosted VPNs are more secure than office VPNs and will ensure traffic can’t be ‘snooped on’. Just make sure you set up multi-factor authentication to prevent access even if a password is breached.
Malware-infected USBs and data loss
On top of adding personal devices to the mix, your employees could also be tempted to use external USBs or drives to store data on. These devices can easily be populated with malware and when plugged in, place your company computers or laptops and entire business at risk.
Usually, office-based IT systems rely on staff coming into the building from time to time to ensure any local data is synchronised with the servers. But with working from home measures likely to remain in place for quite some time, this won’t be possible — meaning the likelihood of data loss becomes much higher. If you’re not using a fully cloud-based IT system, you should at least ensure your staff can back up their data to the Cloud.
Don’t bury your head in the sand!
There’s a lot to think about when it comes to security and remote working — and keeping on top of everything can seem like a never-ending challenge.
Many businesses are burying their heads in the sand or addressing the issues by resorting to using free services (as opposed to free offers from premium services). There’s a big difference! Free services usually lack the security of premium ones and can be rife with GDPR issues, so best to leave it to the pros!
Over the coming months, cloud-based solutions will also be key to ensuring business continuity and security, and you should make it a priority to ensure everyone in your team knows how to make the best use of the technology.
If you need outsourced IT support or advice about remote working, please contact the Pro Drive IT team today.