Remote Working & Cyber Security – What do I need to know?

“It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.” – Stephane Nappo

Due to the COVID-19 pandemic, remote working in the UK has increased significantly. According to the ONS, in April 2020, nearly 50% of those in UK employment worked from home.

Although many are now returning to the workplace, a great deal are choosing to adopt a ‘hybrid’ working rota, combining working from home and the office.

It is important for businesses to consider the cyber security risks that remote working presents. This article will explore what you need to know.

What are the risks?

There are numerous risks that online working itself presents, such as phishing, viruses and malware. Many offices will have established online cyber security policies and practices in place so that their office staff can work securely within work premises. However, flexible and hybrid working opens up the opportunity for hackers to access data through new vulnerabilities.

What about passwords and encryption?

Encrypting data before sending it via email or a secure file-sharing platform can ensure that access to data remains restricted.

Enhanced cyber security options like two-factor authentication (requiring a password and PIN for example) can provide an added layer of security. Also, any ‘mobile’ device that holds corporate data should be encrypted. These include laptops, removable hard drives, memory sticks and phones. This will ensure that if the device is lost or stolen then the data remains safe.

These safeguards are especially important when employees are transporting work devices between different locations as the likelihood of loss or theft is far greater. It is important that businesses have contingency plans in place to support staff in these instances.

Does your company encourage BYOD?

BYOD means ‘bring your own device’ and describes when staff carry out work on a personal device. Many companies allow their staff to use their own smartphones and laptops whilst working remotely. This is often a practical and efficient solution for your employees to work seamlessly from wherever they are.

It is important to provide staff with clear IT policies, to set boundaries and retain administrative control of company data. This will help to keep devices, company networks and data secure.

What should an IT policy include?

IT policies may include a range of measures. For example, ensuring employees have up-to-date anti-malware and anti-virus software installed on their devices.

It is important that employees don’t set ‘weak’ passwords for accessing company systems. Commonly used passwords are very easy for sophisticated hackers to guess (and even those less sophisticated). This becomes even more important when employees are accessing company networks and data from their own devices.

IT policies should also cover the essential training requirements that teach employees what security measures are needed when accessing their work and why they should be adhered to. Understanding the risks of common scams (such as scam emails) enables employees to mitigate the dangers from phishing and other hacking strategies.

How can you monitor cyber security in public places?

Steps need to be put in place to enforce cyber security when staff members are working in public places.

There are several ways to keep your device safe on a public Wi-Fi network. When using public networks staff should be advised to:

  • Ensure the credibility of a network before connecting. If in doubt, don’t connect.
  • Disable file sharing.
  • Use a VPN to encrypt data and disguise the device’s IP address from potential hackers.
  • Make sure the device has an up-to-date firewall and anti-virus software enabled.

The National Cyber Security Centre offers helpful information to companies planning their remote working strategy. You can also read our blog here on tips to help keep your corporate network secure when employees are working from home.

For more information, advice and support keeping your corporate network secure, get in touch with SupPortal today.

Which cyber security certification is right for your business?

Business today relies heavily on the internet, no matter what the industry. The online world is constantly evolving, from an increase in video conferencing and homeworking to ecommerce transactions and contactless payments. With more and more critical data being stored and processed over both private and public networks, it is important to be aware of the risk and take the right steps to protect your organisation. Below we will go through how to choose the right cyber certification to suit your needs.

The Threat of Cyber Crime

Did you know that almost half of UK businesses are affected by cybercrime each year? Security breaches are a very real threat for businesses of any size, whether they come from cybercriminals, viruses or malware. Poor judgement and errors made by employees, alongside weaknesses in your security system, can often be to blame. It’s easy to think that it won’t happen to you or your business, but anyone can be a target. So, it’s important to take preventative action to protect your business.

Reassurance for Your Clients and Customers

Your customers and clients are trusting you with their data. A cyber certification can lay their fears to rest, as it enables your business to demonstrate that you have appropriate cybersecurity controls in place that not only protect your own data, but also any that you hold about them. Furthermore, it isn’t a one-time fix. Certification provides a solid foundation of best practice to be maintained within your business and will require renewal every 12 months. Upon certification, your business will be listed publicly in the Cyber Essentials directory and also qualifies for £25K optional Cyber cover.

Below we explore how to choose the right cyber certification for your business, looking specifically at the two most popular certifications – Cyber Essentials and Cyber Essentials Plus.

What is Cyber Essentials?

This is a government scheme that covers all types of organisations to make sure they are adequately protected against IT threats. Having this certificate protects both your business and clients from a potential threat and demonstrates that it is taken seriously. In fact, we recommend all parties are encouraged to adopt the scheme to keep the whole supply chain protected. It is essentially a set of security standards that businesses are required to meet to achieve certification.

The scheme covers the following key areas:

  • Protecting your internet connections with firewalls and routers
  • Protecting any device and software your business may use
  • Regulating physical and digital access to your data and services with access control
  • Defending against viruses and other harmful malware
  • Ensuring devices and software are kept up to date

So, how do you choose between Cyber Essentials and Cyber Essentials Plus?

The certification level you choose will depend on who you are dealing with. If your company has contracts with government, or is in the supply chain, no matter how simple your set up is, you will need to have at least Cyber Essentials certification in place. However, Cyber Essentials Plus will give you that added level of security.

Your business IT infrastructure may only consist of a laptop and use of Office 365. However, many companies will still want you to have a certain level of certification to do business with you. The simpler your IT is, the easier it is to implement.

Cyber Essentials

Are you looking for basic level security certification to prove to your potential and current clients that you have sufficient measures in place?

This is the lowest level of certification and is the minimum requirement if your business wants to submit a bid for a public sector contract. This certification is vital if this is an area where you wish to do business, as you will be responsible for handling critical information regarding public sector activity.

If you decide Cyber Essentials is right for you, SupPortal can organise your self-assessment questionnaire. There is a time and resource commitment required internally to provide suitable evidence for the self-assessment. An outsourced provider such as SupPortal can take a lot of this work off your shoulders. Working with you, we can ensure you are prepared to answer the questions and provide the evidence.

Assisted Cyber Essentials

Should you wish to take on the majority of the work in-house, SupPortal can provide an initial external vulnerability scan. However, doing so can be time consuming and will require sufficient IT knowledge to fully respond to the self-assessment.

Cyber Essentials Plus

Government organisations and contractors look for this certification when there is considered to be a greater risk. It is a more comprehensive version of the Cyber Essentials certificate, involving further external auditing and random testing. To gain this certification, you will need to be Cyber Essentials certified first.

As part of this process, the team at SupPortal would carry out tests on your software and systems to check for vulnerabilities and ascertain whether you have adequate protection against cybercrime.

Do you supply goods or services to government departments like the NHS, or MOD? Do you have remote workers? Or do you have third-party businesses that have access to your systems? Does your business require complex IT infrastructure, software and systems? Does your network cover a broad area? If you have answered yes to any of the above, then this may be the most appropriate certification for you.

If you want to truly demonstrate that your business is committed to high standards of cyber security protection, and you take data protection seriously, then this is a great choice for you. With this certification, you are going above and beyond to keep your clients’ data safe. Furthermore, if your business commonly processes data of a highly sensitive nature, then it is well worth considering Cyber Essentials Plus.

Still confused about which cyber security certification is right for your business? Then get in touch with the team at SupPortal today.