In the last few years, many organisations have seen a significant growth in remote working due to changing business practices. Now, with the current COVID-19 coronavirus pandemic forcing many employees to work from home, remote working has taken on a new focus, and for many companies, one that looks set to continue.
However, alongside the rise in remote working there has also been a sharp increase in malicious cyberattacks and attempts from hackers, exploiting new vulnerabilities to reach company data.
In the UK, one small business is being successfully hacked every 19 seconds with around half of cyberattacks involving phishing emails directed at staff. This means that whilst outside the workplace, employees need to be extra vigilant about their IT security practises and organisations must ensure that they have the right cybersecurity measures in place to protect their data.
Below are two key measures that you can and should put in place to help your staff stay secure and avoid your business data from being at risk.
Introduce Multi Factor Authentication (MFA) to add layered protection for Email
Traditionally all that is needed to gain access to an e-mail account (and therefore sensitive company data), would be an email address and password. However, with Multi-factor Authentication (MFA) enabled, even with your password, a hacker still cannot gain admission to your account. MFA is a security system that creates a layered defence against cyber criminals by making it more difficult for an unauthorised person to access a target such as an email, PC, network, or database. Put simply, it means having more than one method of verification before you gain access to an account. A good example of where this is already widely in use is online banking, or logging onto a website and being asked to enter an additional one-time password that is sent to your phone.
Whilst remote working provides your staff with convenient access to services from anywhere in the world, if your organisation uses cloud applications, the risk of hackers accessing your information is increased and so adding an extra layer of protection to enhance your IT security, such as MFA, should be implemented. In fact, the UK's National Cyber Security Centre (NCSC) issued security advice on remote working recently to help both organisations and employees stay safe from cyberattacks which included recommendations for staff to use multi-factor authentication.
For those of you using Office 365, MFA is a FREE security feature built into your account and we highly recommend activating it. You will likely need the expertise of your IT service provider to help with the initial installation for all your users but once in place, it is seamless and easy to use.
Update your Business Virtual Private Network (VPN) to secure your connections
To access files and company information whilst working from home, most employees will be using business virtual private networks (VPN). In fact, global use of this technology has increased by 165% since the beginning of March, (according to NordVPN).
A business VPN allows users to securely connect to organisations’ networks over the Internet to access files, data, and applications from anywhere, making it look as if the user is on the local network, regardless of geographical location. However, remote access raises the issue of unsecured networks. If employees are using unsecured networks to access their company’s data, they put that information at risk.
Many organisations are set up to support staff working remotely through older style VPNs, called PPTP VPN (Point-to-Point Tunnelling Protocol), however this is now fast becoming obsolete. SSL VPN (Secure Sockets Layer) now provides added security by using end-to-end encryption to protect data, enabling users to access network resources remotely via a secure and authenticated pathway by encrypting all network traffic.
If you are unsure as to which type of VPN your company is using whilst your staff work from home, it would be worthwhile having it checked out. There are quite a few versions of SSL VPN compatible services available, but we recommend using OpenVPN, as this product will allow your service provider to enable SSL VPN and in addition liven up MFA level security to your own corporate network.
As the increase in cybercrime shows no signs of slowing down and with the likelihood of some or most of your staff continuing to work from home for the foreseeable future, it pays to put the best cybersecurity measures in place to protect your business data and stay ahead of the hackers.
For more information and advice on the above security measures please contact your account manager or one of our sales team on firstname.lastname@example.org. For our supported customers, your named account manager will be in touch to discuss what is possible with your IT Support network.