The past year has turned the way we work upside down, and as lockdown restrictions ease, a new way of working has been introduced. Hybrid working, the combination of remote working and office-based working is becoming more and more popular amongst employers and employees.
Tessian reported that 75% of business decisions makers believe that the future of work will be remote or hybrid, and a staggering 89% of employees surveyed said that they want to continue remote or hybrid working in the future. With only 11% wanting to exclusively work from the office, post-pandemic.
There are many benefits for businesses, employers and employees for hybrid working however, the new way of working can weaken a business’s IT infrastructure and can create more opportunities and greater access for cybercriminals.
Similarly, to working from home, or returning to the office there are many steps a business can take to secure their IT whilst preparing for this new style of working.
(Check out our blogs on working from home securely, as well as safely returning to the office!)
First and foremost, businesses should create a new VPN (Virtual Private Network) for any employee who is working remotely or hybrid. VPNs allow you to create a secure connection to networks over the internet. They work by using encryption codes, to scramble your data when it’s sent over a WIFI network making the data unreadable.
Human error is a major cause of data breaches. Kaspersky’s 2019 IT security economic report reveals that “inappropriate IT resource use by employees” is the most common cause of data breaches in small and medium businesses.
Ensuring that all employees understand and are performing proper IT security behaviour, as well as knowing what to look out for and how to report suspicious behaviour will have businesses significantly reduce the threat of data breaches.
Regularly have your IT team audit corporate devices and perform health checks to ensure no unauthorised software has been downloaded, and that apps, software and anti-virus is up to date.
Performing penetration testing on corporate devices is also highly important. Penetration testing will show if and how vulnerable the devices are to cyberattacks, revealing where your company needs to increase security.
Check out our 90-step IT security assessment checklist:
Enforcing regular password changes as well as a minimum character length including special characters will help your employees create stronger and more secure passwords. The National Cyber Security Centre (NCSC) recommend using three random words to create a strong password that is also easily memorable.
If it is necessary to share passwords, for example for shared applications, never share the password over personal devices or email.
Activating multi-factor authentication (also known as two-factor authentication or two-step verification) will add an extra layer of defence.
Check out our top 5 tips for better password management.
HMRC records 73% growth in email phishing attacks during the COVID-19 pandemic. Alongside training employees to be able to identify phishing emails through the means of spotting unfamiliar email addresses, spelling errors, and suspicious links, employers should be enforcing regular password updates and should follow proper password hygiene practices as stated above.
If an employee needs to communicate sensitive information or data via email, you can use encryption apps that will disguise any information from potential hackers.
In June 2020, Kaspersky found that 57% of employees were not provided with corporate devices and only 34% of employees were given any IT security requirements to work securely on personal devices. A year on, and with the introduction of hybrid working, it is now more important than ever that businesses give employees the appropriate tools to complete their work effectively and safely.
Providing employees with corporate devices will mean the business can set up restrictions for types of websites, and downloadable content or applications which will add another layer of security. Furthermore, centralised software and antivirus updates can be rolled out remotely, meaning the business does not have to rely on the employee to update their device.
Small or medium-sized businesses may not have the resources or the knowledge to ensure that their IT security is fully protected and secure. Therefore, seeking outsourced IT management is highly beneficial to ensure that your business is fully protected.
At AZTech IT, we currently offer a free IT security assessment performed by our experts, or you can download our checklist to perform your own IT security assessment. This will help highlight any vulnerabilities and weaknesses you have in your IT infrastructure allowing you time to proactively fix them before any cyber threats occur.