Ever grabbed your laptop to catch up on some work while on a train? Or jumped on a Teams call in a café or shared workspace?
With the growth in remote working and the technology we now have at our fingertips, it’s never been easier to work from anywhere, at any time.
Indeed, here at Dragon IS, we’re regularly asked by SMEs to support them in implementing remote working, including by barristers’ chambers and professional services firms.
A majority of UK companies have embraced flexibility, with hybrid working now the default for many – stats from the CIPD revealing that 74% of UK organisations now support it.
But recent headlines about an MoD official leaving a laptop open on a train, leading to a breach of some highly sensitive information, is a great reminder that both devices and employee behaviour, can pose a risk. Especially when outside of the cocoon of the office environment.
While most SMEs won’t be handling national security data, it’s still wise to think about potential risk areas for your own business, and steps you can take to best protect your systems and data.
The risks of remote working
The shift to remote and hybrid working has brought undeniable benefits, including greater flexibility, improved work-life balance, and access to a wider talent pool. But it also introduces new challenges, when it comes to ensuring employees have access to everything they need, and data security.
Employees may be working from trains, coffee shops, co-working spaces or home offices. But these environments are often less secure than traditional office settings, and without clear policies and training, they can become hotspots for accidental data exposure.
For example:
- Public Wi-Fi networks: These are often unsecured, making it easy for attackers to intercept data. Employees working from cafés or trains may unknowingly expose sensitive information simply by connecting to the wrong network.
- Unattended devices: Whether in a public space or within the office, leaving screens unlocked or phones unattended can invite unauthorised access.
- Phone calls in public: Discussing confidential matters in open spaces risks sensitive information being overheard or even recorded.
- Shared or insecure platforms: Using non-approved tools for meetings or file sharing can also be a risk, as they will bypass company protections.
7 best practices for SMEs
So, how can SMEs ensure their teams handle sensitive data responsibly, including when working remotely? Here are some practical steps to consider:
- Have clear remote working policies
Start by defining where and how employees can work securely. Your policy should cover acceptable environments, device usage, Wi-Fi access, and expectations around handling sensitive information. Make it clear that working from public spaces requires extra vigilance.
- Invest in regular training
Security awareness isn’t a one-time event, it’s an ongoing process. Train your team to recognise risks, use secure platforms and maintain situational awareness. Make sure you cover problems such as phishing, device hygiene and secure communication practices.
- Provide secure connections
Require employees to always avoid using public Wi-Fi. Instead, provide VPN access or mobile hotspots to ensure they have access to a secure connection.
- Think about device security
All company devices should have:
- Automatic screen locks with short timeouts
- Full-disk encryption
- Remote wipe capabilities in case of loss or theft
- Up-to-date antivirus and security patches
Even within the office environment, encourage staff to lock their screens when stepping away and avoid leaving devices unattended.
- Monitor and manage endpoints
Use endpoint management tools to track device usage, enforce policies, and flag anomalies. This helps ensure compliance and provides visibility for devices and how they are being used across the organisation.
- Encourage private conversations
Remind employees that working remotely doesn’t mean working casually. Encourage private settings for phone calls and video meetings and discourage all discussion of sensitive topics in public areas.
- Build a cyber secure culture
Security isn’t just the IT team’s responsibility, it’s everyone’s. Foster a culture where employees understand the value of the data they handle and feel empowered to protect it. Find out more in our blog here.
Managing the Mobile Device Cyber Risk
One big risk of remote working in public spaces is the threat of company devices – or even personal devices linked to work systems – falling into the wrong hands.
It’s a topic that ties directly to our blog, ‘Managing the Mobile Device Cyber Risk’, which explores the growing issue of mobile phone theft and how to protect against the dangers of devices being stolen.
In summary
It’s crucial that your data and devices stay safe, wherever employees may be working.
The MoD breach shows how even small lapses can have big consequences. For SMEs, building a culture of vigilance around device use, both inside and outside the office, is one of the smartest investments you can make.
Need help reviewing your policies or securing your devices? Then speak to our expert team here at Dragon IS.
For an informal chat about your IT infrastructure and cybersecurity needs, email info@dragon-is.com or call us on 0330 363 005.
