As a business manager, you must be worried about the safety and security of your company's data. In the current situation, to work from home, employees globally are using their personal devices or company-issued equipment. This is either to access the company network remotely or to transmit data and information through their personal network.
There are a few inherent information security risks that are posed by these arrangements. We address such risks and provide some practical tips to ensure that technology and information security is maintained.
In the first instance, any company that allows or encourages the use of personal devices for work purposes should ensure that a “Bring Your Own Device” (“BYOD”) policy is in place. A BYOD policy should address topics such as:
- Which employees are permitted to use personal devices;
- The tools or applications that employees may utilise on their personal devices;
- The employer’s rights in respect of access to data and information contained on personal devices;
- The responsibility for technical support in respect of those devices;
- The security of devices; and
- How the various risks associated with the use of personal devices are shared and are mitigated.
When it comes to the security of devices and with that, ensuring information security, companies should, at the very minimum, impose strict rules to ensure that such devices are password protected (in this regard, a password policy is strongly recommended) and should require that anti-virus software be installed thereon.
So, if your staff is using their personal devices, then what are the security threats you could face?
Types of Cybersecurity threats when using personal devices
Cybersecurity threats come in three broad categories of intent. Attackers are after financial gain or disruption espionage. Also including corporate espionage – the theft of patents or state espionage. In case your workforce uses personal computers to work remotely, then the percentage of cyber threats is even higher. Let us first understand the types of threats your business could face when employees work from home on a personal device.
To successfully handle remote working amidst COVID-19, it is crucial to be aware of the rising cybersecurity threats. To keep your work completely secured and easily accessible without compromising the privacy of yourself or your organization, we are hereby sharing some cybersecurity tips for remote working during COVID-19.
There are 5 common types of cyber threats when working remotely on personal devices:
-
Malware
Software that performs a malicious task on a target device or network, e.g. corrupting data or taking over a system. this is more so when personal computers are being used for company work.
-
Phishing
An email-borne attack that involves tricking the email recipient into disclosing confidential information or downloading malware by clicking on a hyperlink in the message.
Related article:
Tips to prevent phishing attacks that have increased with remote working
-
Spear Phishing
A more sophisticated form of phishing where the attacker learns about the victim and impersonates someone he or she knows and trusts.
-
Attacks on IoT Devices
IoT devices like industrial sensors are vulnerable to multiple types of cyber threats. These include hackers taking over the device to make it part of a DDoS attack and unauthorized access to data being collected by the device. Given their numbers, geographic distribution and frequently out-of-date operating systems, IoT devices are a prime target for malicious actors.
-
Malware on Mobile Apps.
Mobile devices are vulnerable to malware attacks just like other computing hardware. Attackers may embed malware in app downloads, mobile websites or phishing emails and text messages. Once compromised, a mobile device can give the malicious actor access to personal information, location data, financial accounts and more.
To minimise these risks, we suggest following few tips for safe remote working for your business.
5 essential TIPS that managers can adopt for a cyberthreat-free working:
-
Educate your employees:
People remain the weakest link when it comes to cybersecurity. Employees working from home must be provided with the training and knowledge (or reminded) about basic security. This includes education around being aware of phishing emails, particularly at this time where it is anticipated that attempts to subvert security using phishing attacks are likely to increase.
-
Avoid public Wi-Fi networks and reset home router passwords:
Employees should not utilise public Wi-Fi networks. These networks are, as a general rule, not secured and are prime spots for malicious parties to spy on internet traffic and collect confidential information. Employees should also be advised to change the default password for their Wi-Fi router, as many would unlikely have conducted this exercise.
Related article: Is your internet connection safe to work from home?
-
Use antivirus software:
Although a firewall can help, threats can inevitably get through. Good antivirus software can act as the next line of defence by detecting and blocking known malware. Even if malware does manage to find its way onto your device, an antivirus may be able to detect and in some cases remove it.
-
Staff should be trained to use a secure home router:
When working from home, using a personal device, it becomes even more relevant to use a secure home router.
-
Provide your employees with VPN access:
Another way to secure information as it moves between the employee’s external system to the business’ core network, is to deploy a virtual private network (“VPN”). Simply put, a VPN provides an additional layer of security by:
- Hiding a user’s IP address;
- Encrypting data transfers in transit; and
- Masking the user’s physical location.
If you're prepared to work from home, check how vulnerable you are in these testing times. Click below to get a FREE vulnerability scan.