Remote working: The top 5 cybersecurity mistakes businesses make

Covid-19 has led many businesses to reassess how they operate, especially in relation to where and how their employees work. Even before the pandemic, remote working was on the rise and following the various lockdowns, it’s a trend that’s here to stay.

Studies reveal that many companies are now planning to make permanent changes to their employment patterns, with more flexible working set to become commonplace. A survey by Deloitte found that 97% of bosses expect to offer home working for the long-term – a change which could see up to a quarter of British employees working from home for good.

One high profile name making big changes is Unilever. Earlier this year, the company announced that its office workers will never again be returning to their desks five days a week. Instead, they are exploring a “hybrid mode” of working between homes and offices and thinking of introducing a 4-day week.

Twitter is another example, saying it plans to allow employees to work from home “forever”.

From an employee perspective, this change appears to be a very welcome one. Researchers from Cardiff and Southampton universities say nine in 10 employees who have been home from home during a lockdown, would like to continue doing so in some form.

 

The home working challenge

For businesses, the forced shift to home working prompted by lockdown, presented some unique challenges.

Those companies who were already geared up for remote working and had the IT infrastructure in place, were at a clear advantage. While they may have needed to scale up their capabilities to enable all employees to work from home, it was a relatively simple process.

For those businesses who had yet to embrace remote working, the challenge was far greater – the pressing concern being the need to get up and running fast, to minimise any potential service disruption.

Some companies called on the expertise of a managed IT services provider, like ourselves here at Dragon, for advice and support. While others used whatever kit they had readily available, to patch together a temporary solution as best they could.

But if remote working is here for the long haul, then it’s important that any IT system being used is robust, efficient, secure and fit for purpose. Which is why we thought we’d share here some of the most common mistakes we have seen businesses make with remote working.

 

  • Letting employees use their own devices

In pursuit of a quick fix, some companies have resorted to letting employees use their own devices when working remotely. But this can present a risk. The safest way to operate is to make sure employees only use company owned and protected equipment. That way you can ensure they are always fully updated and protected in line with the latest security advice. You should also check that employee’s home WiFi access is secure.

 

  • Failing to limit access

Messing around with permissions may not have been front-of-mind in the rush to facilitate remote working – but it really should. A great way to reduce the risk of unauthorised access and potential harm to the business, is to only give employees access to what they need. Putting multi-factor authentication in place wherever possible is also something we strongly advise implementing.

 

  • Using applications in the wrong way

What many businesses may not realise is that certain applications need to be used in a particular way, otherwise problems can ensue. For example, accounting software Sage should only be connected to a hosted environment and not used via VPN (a virtual private network). That’s because VPN performance, server activity levels and even internet traffic can all have an impact, such as making the software constantly timeout, or slow to respond.

 

  • Not using the right tools to communicate

Communication channels are another area of risk. All businesses want to ensure that team members can collaborate and interaction when working remotely. But how are you doing this? Are employees using their own devices, and applications such as WhatsApp, for work-related conversations? Information needs to be shared in a protected environment, such as through Microsoft Teams. Make sure you have a secure system in place and provide guidance to employees on what is expected of them.

 

  • Forgetting about cyber education

When employees are working in different ways and from an environment based outside of the office, it’s important to keep cybersecurity on their radar. Have you done a cybersecurity risk assessment of these new ways of working? Have you communicated what the new and ongoing threats may be? There are various ways you can minimise the risk of a successful cyberattack, and your IT services provider will be able to advise you on that, but it’s a fact that phishing emails are still the top way criminals get in. And they’re getting more sophisticated by the day.

 

In summary, with remote working likely to be here for the long haul, it’s important that every business ensures its IT systems are up to scratch – meaning they are safe, efficient and robust. Now is the perfect time to review any temporary fixes you may used to get your business through lockdown and to make sure you’ve not falling into any of the traps we’ve outlined here.

 

At Dragon, we have been busy supporting SME businesses throughout the pandemic, to overcome their individual IT challenges and future-proof their operations. For expert advice or a free assessment of your current IT infrastructure, please call us on 0330 363 0055 or email lionel@dragon-is.com