Don’t bring risky IT security habits back into the office
Wherever your staff work, the safety and security of their systems should be a priority. However, research from Tessian, the human layer security company, suggests more than a third (36%) of employees are likely to have picked up bad cyber-security behaviours while working remotely during the pandemic, writes Tim Walker, MD, Aura Technology.
That can often be put down to people doing whatever it took to get working during the pandemic – even if that involved some risky workarounds. But now’s the time for a fresh start – and that means leaving those bad habits behind.
Whether your teams are at home, returning to the office or working on a hybrid model, here’s our advice.
Review personal devices
Your people may have become used to working on their own laptops, PC’s and tablets – devices which won’t have as strong security protocols as business-grade models.
This may well have opened the door to phishing, malware and other attacks, where hackers can infiltrate a network and steal business data.
We advise you should rethink now how your applications are accessed from home networks, and develop a Bring Your Own Device policy for employee access to company accounts on personal devices. This is especially important if you’re planning for hybrid working where employees will still work remotely part-time.
If some of your team are going back to their office PCs full time, ensure they are logged out of all company systems on their home devices. Advise them to delete any company data they have downloaded on them and uninstall any VPN software they have been using to access company networks.
Refresh their cyber-security knowledge
People are a weak point for cyber-security problems – cyber criminals exploit human error, from password laziness to innocent-looking emails, to carry out their attacks.
It’s good practice to have a few training sessions that help your teams recognise and respond appropriately to threats.
Make sure it’s easy for employees to reach out to your IT provider with any concerns, even if they turn out to be nothing. It’s better to be over-vigilant than miss the warning signs of a real attack.
Ensure a monitoring system is in place
Make sure you have appropriate controls and procedures in place to monitor networks and systems to notify you that a breach has happened or is about to.
If your IT provider users a monitoring tool, they should be checking that it is configured correctly to detect any threats or signs of employees attempting to access areas of the network and/or data that they otherwise shouldn’t.
You should also carry out risk assessments, such as where company data has been saved while remote working – was it in a public cloud system like Google Drive or Dropbox? This all needs to be recorded to minimise risk and ensure data is safe when you are working back in the office.
Have stronger password guidelines
Poor password choices are one of the top reasons for cyber attacks. Working from home, people may have been lazy and used the same passwords again and again or ones that are easy to guess.
If an employee has been sharing their devices with their family members, have they given away their passwords? Is the password the same across work accounts and personal accounts?
Establish a policy that requires employees to choose passwords that are a minimum of 16 characters with a combination of upper and lower case letters and special characters – and educate them on the consequences of reusing them.
Multi-factor authentication (MFA) is also a good idea, requiring users to submit multiple details such as a password and authenticator code for example, to log into accounts.
Talk to us
If you’d like any advice about ensuring a secure return to the workplace for your employees, contact our team at:
03333 208 601
