Four tips for keeping your business secure during mass remote work

How to maintain a resilient cyber security strategy when your employees are outside the company firewall

While some of us may be working in pyjamas and enjoying a much more relaxed commute—shuffling last-minute from the bedroom to the home office or dining table—data protection laws certainly haven’t relaxed, and it’s imperative that your organisation maintain the same attitude toward security that it would if everyone was in the office.

Extended perimeters and the use of personal devices and networks, in combination with the proliferation of the cloud, make data security a lot more difficult. And when everyone is working from home, communicating and managing security measures and monitoring for breaches can be a struggle.

A serious breach can be fatal for your business, whether it’s through crippling regulatory action or through a tarnished reputation, and even a relatively small incident can stymie the success of your business. So even though it might seem like the world’s upside down sometimes, keeping on top of data security will contribute to your business weathering the storm and coming out strong on the other side.

1. Update your cyber security policy

While your existing policy may have fit office life, you’ll almost certainly need to adapt it to the realities of a distributed workforce, if you haven’t already.

Push updates to all company devices, systems, and programs to maintain good data hygiene and get the latest security patches. Also make sure that employees know when to update their personal devices and when not to, as in the case of a software vulnerability.

Your home working policy should also cover how employees should deal with data when working remotely, including transportation, storage, and disposal, which are all important components of GDPR. Make your policy known company-wide, invite questions, and highlight the responsibility of every employee to stick to it.

2. Encrypt and control access

As part of your strategy, you’ll want to limit an attacker’s reach in the event of a data breach, and one of the simplest and most effective ways to do this is through encryption.

Your IT team will be used to having the ability to monitor server security and the network from within the office, but encrypting all of your employees’ devices, including personal devices and work phones, can achieve the same effect from home. 

Using a VPN to create an encrypted connection to corporate servers also helps maintain data privacy for employees working from any location, particularly as you can’t always ensure that every remote employee is using a secure, private network.

Another method of limiting the spread of a data breach is by limiting the access each employee has.

If an attack is made through an employee who only has access to the resources they need for their daily work, then an attacker will have difficulty reaching some of the more critical areas of your network.

A zero-trust model, in which it’s assumed that no user or device inside or outside the network can be trusted, is a holistic approach to cyber security through limiting user access. Even by picking out components of the model, like multi-factor authentication, you can set up several barriers against potential breaches fairly easily.

3. Train employees in security awareness

Even if you have great policies and the best cyber security tech, they won’t save you if your employees aren’t properly trained in your policies and basic security awareness.

Encrypting your devices and using VPNs and/or zero-trust security measures is important, but you also need to educate your employees on the dangers of setting their home Wi-Fi passwords as ‘password’, or connecting through unsecured public hotspots.

Employees will typically represent the biggest vulnerability in your security posture, whether that’s due to malicious insider attacks or, as is most often the case, human error of some kind.

Train your workers to recognise phishing emails through some form of company-wide cyber security awareness training. This type of attack increased internationally by 59% in the first few months of the pandemic and, followed by stolen credentials, remains the most common vector of attack.

According to the 2020 State of privacy and security awareness report, 43% of employees are not aware that clicking a suspicious link or opening an unknown attachment in an email is likely to lead to a malware infection.

4. Stick to GDPR guidelines if a breach does occur

It’s still possible that your organisation will be hit with a data breach, and if it is, you still have the same responsibilities as before the pandemic.

While the Information Commissioner’s Office said in a notice published in September 2020 that it’s committed to an ‘empathetic and pragmatic approach’ that takes into account how difficult times are right now, organisations are still required to report breaches to the ICO within 72 hours of becoming aware of them - provided the incident is likely to infringe on the rights of the data subject.

With a third of respondents in the 2020 State of privacy and security awareness report saying they would ‘probably’ report a security incident and 19% saying they weren’t sure or simply wouldn’t report it, it’s clear that some work is still needed to ensure that employees take responsibility for their own cyber security. Part of this is ensuring they understand when a data breach has occurred, but it’s also important that you foster a culture that makes it clear that accidents can happen and employees shouldn’t feel embarrassed about reporting even the smallest of incidents. 
