The arrival of the COVID-19 pandemic and resulting nationwide lockdown in March and now in November 2020 saw UK businesses rush to transition to remote working. Since then, employees around the world have been working from home, offices have been deserted and businesses of all shapes and sizes have been re-evaluating their strategies. The era of remote working arrived years ahead of schedule and caught businesses out: many had never experienced remote working and had no plan.
Fast forward through the height of the lockdown, and many companies have found success in enabling their employees for remote work. In the UK and Ireland, employers expect the amount of regular remote workers to double to 37% post-pandemic and, even more encouragingly, 82% of businesses will continue to encourage their employees to work remotely long term.
Remote working can offer great benefits for businesses, such as increased productivity, cost savings and greater employee satisfaction, but remote access must be secure and built into a solid strategy. If it’s not, the consequence could be a fatal cyber-attack.
Our handy guide will help you understand how to keep your business secure whilst your employees are working remotely. We have also outlined a three-pronged approach to securing remote work for your business both now and in the future, so your employees can reap the benefits of remote working and you can rest assured in the knowledge that your business is secure.
One of the biggest issues facing most businesses, both now and in the future, is how they can secure their remote working environments and make sure they don’t fall victim to cyber-attacks.
It’s no secret that global cyber-attacks have risen amid the COVID-19 situation. The rush to remote working left many companies vulnerable: set-ups weren’t properly secured, and employees were unaware of the potential risks when working away from the secure office network.
Cybercriminals began targeting the most vulnerable businesses, as well as industries under the most pressure such as healthcare and manufacturing. A Mimecast report focused on the first 100 days of the COVID-19 crisis highlighted the dramatic rise in cyberattacks: spam had increased by 26%, impersonation attempts were up by 30% and malware detection was up by 35%. Overall, cyber attack detections had risen by over a third.
A shocking report by Kaspersky indicates that by the end of the year, 2020 will have racked up somewhere in the region of 1.5 billion reported cyber-attacks.
During uncertain times, businesses cannot afford to be caught out by threat actors. The average cost of a data breach is around £2.9 million in the UK, which could mean the end of the road for almost every SMB.
Cybercriminals are becoming more sophisticated in their methods, but the technology industry also develops every day, enabling businesses to identify and prevent attacks more efficiently. There are excellent cloud security solutions that can offer low-cost, full-coverage protection against cyber-attacks.
Worryingly, the rate of adoption of cyber security solutions has actually decreased in 2020, so far by nearly 6% on the forecast (Gartner research cited by Computer Weekly). The expectation now is that investment in cloud security will grow, but only by 2-3% overall for the year.
With cyberattacks on the rise and security adoption down this year, companies need to act fast to ensure adequate protection both during a pandemic and when it’s ‘business as usual’.
· Turn on automatic security updates for all employees
· Secure networking devices
· Ensure device encryption is turned on
· Protect identities with multi-factor authentication for all staff
· Encourage the use of background blur in meetings
Securing remote work is more than just investing in a firewall. To have complete peace of mind that your business and your employees won’t fall victim to cybercrime, your business needs to go through the following stages:
If you haven’t already, it’s time to invest some time in creating a security strategy. Two strategies in fact: a long-term security plan and an emergency plan. A long-term security strategy will underpin your business and keep it secure at the foundations. It should be inputted into by all business departments, focus on implementing integrated solutions and factor in employee awareness. Planning out the types of security solutions you are going to invest in and when will give you a clear roadmap.
Once your core security strategy is built, it’s time to create a disaster plan version. A disaster plan will not only protect your business during a pandemic but could make it stronger if there are subsequent waves, increasing the stability of your company long-term. Both plans should include a clear remote working policy for the current climate as well as the future; this is the first step to showing your employees that you are versatile and reactive to unstable situations.
A solid way to begin a (or adapt an existing) security strategy is with scenario analysis. This gives you the opportunity to consider different cyber threat types and develop a rapid detection and response plan. Quick identification of, and response to, threats has never been more important, but this can only be achieved by having a holistic view across your entire IT infrastructure. According to Microsoft, the average large organisation has 75 IT security products, most of which aren’t integrated with each other. With little or no integration, security teams have difficulty seeing everything that’s happening and are unable to prioritise threats.
The best way to achieve a complete view of your IT infrastructure is to build a layered system of products and solutions that are designed to work together. This will give you a complete view of your cloud and/or hybrid environments and enable you to make informed and strategic decisions. Having an integration solution is even more important when your security teams are working remotely. Giving them a clear picture of the situation on a few key dashboards will keep them connected and confident.
With Windows Virtual Desktop (WVD), businesses can offer their employees remote desktop access with the familiar Windows experience. As a Microsoft Azure delivered solution, WVD can offer you huge scalability without compromising at all on security, offering the same enterprise level security features that Azure is renowned for.
Microsoft 365 Business offers a comprehensive and powerful set of security features which, when layered with an email security solution and complete back up service, can provide high-quality protection for your business and employees. As a plan that supports WVD, it integrates nicely to offer seamless connectivity
Microsoft 365 security benefits:
Device protection and management is essential when it comes to securing remote working. Securing your Windows devices has never been easier with Microsoft Intune. The program allows remote device management and offers automatic updates and malware protection.
Microsoft 365 does already offer back-up capabilities, but where security is concerned, it is vital to layer the best solutions to achieve the best results. With Acronis back-up cloud, the flexibility and protection options are almost endless. Acronis integrates seamlessly with Microsoft and other third-party cloud solutions, to ensure your layered security solutions fit together perfectly and leave no gaps.
Mimecast offers seamless and comprehensive email protection, safeguarding your employees from threats like phishing, impersonation and ransomware. Cyber criminals attack businesses through their inboxes more than any other method, so it’s vital that your emails are properly secured.
The final stage to securing remote work long-term focuses on your workforce. Unless your employees are sufficiently aware of the risks, and are using the software correctly, having a strategy is pointless. In 2019, human error was the cause of 90% of cyberattacks (infosecurity-magazine), so it’s extremely important that you take steps to minimise the risk.
Provide an ongoing security training plan for your staff, which can be tailored to different departments. Focus the sessions on the threats to look out for, the procedures to follow if you spot one, how to take care of devices at home, and how to adhere to company policies and protocols.
A security training programme should be rooted into your company culture to ensure buy-in from all employees. Keep staff regularly informed of the security solutions that the company has implemented, best practices for staying safe and what to do in an emergency. Use internal newsletters, business social platforms and company meetings to stay communicated. Employees will adopt security practices quicker and be much more inclined to follow procedures properly. “A security programme cannot be successful without the commitment, support, evangelisation, and participating of everyone within your organisation” (IT Pro Portal).
Now that we’ve explored the current business environment and discussed the steps to securing remote work, it’s time to act! We are here to support you in developing a strategy or choosing integrated security solutions. Whatever your business size or type, we can help you discover the right remote working set-up for you.