Employers should lay down policies so that remote staff knows whom to report about the threat
The concept of remote working or working from home on a vast scale seems to be a major headache for IT security companies around the world. There have been tens of different hacking attacks every single week.
Media reports state cases of remote working staff that got emails, pretending to be from the service desk of their office, asking them to reset their log-in passwords. Staffs were also tricked to download viruses from hackers demanding ransoms.
These issues have made the home working scenarios worse in the Covid-19 lockdown. Companies need to take these issues as seriously as they can and provide cyber-security training to their employees who working from home.
According to a recent survey by a UK-based legal firm Hayes Connor Solicitors, one in every five employees who is working from home has not received any training on cyber-security. The report also stated that two out three employees who printed potentially sensitive work documents at home admitted to putting the papers in their bins without shredding them first.
Even simple data protection practices have been ignored because of the rush and panic to set remote working practices up. Employers need to educate employees about additional security relating to computers, electronic communication, and phone communication.
In order to make things safe and secure as possible, the companies should supply their remote working staff with laptops and other equipment that are owned, controlled and configured by the company. This will alleviate the burden to set things up right and ensure that employees follow the security controls the company wants.
The staff working from home should not use their personal computers or laptops for work purposes as they will be limited to what they can do on it or not necessary that they are the only one using it. This will prevent from malware or other attacks to happen and also will not affect the work.
To ensure that the remote laptops have secure and encrypted connections with the firm’s servers and everyone else in the company, the firm should also set up a virtual private network (VPN).
VPN could work as a tunnel between two cities. It hides your IP address by letting the network redirect it through a specially configured remote server run by a VPN host. This means that the remote employee that needs to be online with a VPN, for them the VPN server will become the source of the data and the internet service provider (ISP) or any third party will not be able to see the work which the employee is doing. Even if someone gets their hand on your data, it would be of no use as VPN would work like a filter that turns your data into “gibberish”.
Also, employees working from home with office laptops having VPNs and the latest cyber-security software systems in place need to make sure that they do not make damaging mistakes of falling prey to a “phishing” email. It could be a malicious email pretending to be a legitimate one in order to trick someone into handing over sensitive data.
For these reasons, companies should make it essential to provide proper cyber-security training to the employees to help them understand the threats they could face.
Employers also need to make sure that they provide shredders to the remote workers who need to print things out. Firms should have policies in place so that staff knows who to immediately report a threat to as even the most cyber-security aware remote employee could be just one click away from making a mistake.
Remote employees should immediately engage with the IT/cyber-security experts of the company if they are suspicious of anything that they are not 100 per cent confident about and the experts should welcome their outreach.
Do Follow: CIO News LinkedIn Account