Remote working – safeguarding your data
As the COVID-19 lockdown persists, we continue our series of blogs relating to remote working and protecting your business communications. Here, we share some best practice and procedures to help keep your business safe from online threats.
Protecting your business
During this unprecedented period more employees than ever are working from home and, as a result, you are likely to be allowing many more different devices than before to connect to your network. This unfortunately increases the likelihood of a security breach occurring and presents an opportunity to cyber criminals.
Security breaches can take many forms, from deliberate hacking, to accidental loss of personal data, to phishing and malware threats, any of which could have serious detrimental consequences to your business.
To reduce risk, your network infrastructure should be robust and provide a high level of protection – but your network is only as secure as the clients that are connecting to it. We have created a three-point plan to help you stay safe whilst reaping the rewards of remote working.
Connect securely to safeguard any information that is accessed remotely – this will also protect the integrity of the device being used
Firewalls prevent unauthorized access by a third party to a private network. They create a buffer zone between your own network and external networks such as the internet. It is important to make sure your network has a robust firewall which is locked down to only allow access to permitted traffic.
Virtual private network (VPN)
A VPN allows you to create a secure connection to another network over the internet before sensitive data is sent. If using a third-party VPN, make sure you have the technical ability to configure it yourself. Also consider that if all employees use the same VPN connection, you may have inadvertently created a single point of failure.
Data should be protected by being encrypted before being sent or stored. Complex algorithms conceal and lock your data packages, making them difficult to hack without the correct encryption key.
Educate employees on how to stay safe when using devices away from the office – this includes how to store devices safely and build up an awareness of potential risks
Access & authentication
Two-factor authentication, using a separate device like a mobile phone to prove your identity for added security, is one of the first and most important measures that can be implemented.
When implemented correctly, passwords are a free, easy and effective way to prevent unauthorised access to your devices. Passwords should be easy to remember, but hard to guess. If complex passwords are enforced, then password expiration times may be extended or removed altogether. In fact, the latest guidelines advise that suitably strong passwords should not be changed periodically, but only in the case of a suspected compromised account. Always change default passwords before devices are distributed to staff.
Data is shared everywhere with varying degrees of sensitivity to your business, its customers and competitors. The General Data Protection Regulation (GDPR) dictates that both businesses and individuals have an increased responsibility to protect data in handling and storage. Strict processes must be observed to avoid severe penalties and fines.
Phishing & malware
We have already seen an increase in phishing attacks surrounding the COVID-19 pandemic. Cyber criminals are preying on people’s fears of the coronavirus and are using emails to try and trick users into clicking on a bad link by promising new information or encouraging them to donate money to what looks like a good cause. Ask staff to remain vigilant and share with them regular updates of recent and ongoing threats.
Physical security of devices also needs careful consideration. Limit the amount of data stored locally on devices and encrypt hard drives as required in case a device is lost or stolen. Enable automatic screen lock PINs or passwords across devices where available.
Implement a specific Mobile Working Policy – this ensures all staff members, including those primarily office-based, understand their responsibilities when working remotely
Principle of least privilege (PoLP)
Use the PoLP when configuring accounts. Make sure each user has the correct access to systems but that the level of permissions given is always the lowest needed to perform their job function. This will help reduce the impact should an employee fall victim to a phishing attack, for example.
Bring your own device (BYOD)
Flexibility in working practices has resulted in an increased number of employees wanting to use their own devices to access company data. IT departments must implement policies that govern the management of unsupported devices to ensure anti-malware software is up to date, as some of these devices may have already been compromised or could be in future.
All virtual meetings should be protected using a randomly generated password with screensharing restricted to only enable the host (or persons authorised by the host) to share content. Only share the view of relevant applications rather than sharing the entire desktop with attendees. GDPR legislation still applies to videoconferencing – anyone using a webcam must ensure no confidential or sensitive information is visible, for example confidential paperwork on a desk or data displayed on a whiteboard in the background.
Recovery & reporting
If there is a security breach or system failure, there should be a clear reporting procedure in place. This will include who to report a problem to, what action will follow, and who should be informed if data has been wrongly accessed or exposed. Encourage all staff to ask for help (regardless of their location) if they are concerned or think they might have been a victim of a cyber attack. Do not punish staff if they are accidentally caught out.
Get in touch
Having been awarded the highest cyber security accreditation available under the government-backed Cyber Essentials Scheme, the Incom-CNS Group are proud to uphold first-class security standards.
Whether you are an existing customer or not, we are experts in helping organisations work remotely and securely, so if you need assistance with anything mentioned above or other professional advice on keeping your business communications operational, our team can help. Please contact us on 0161 788 0000 or email firstname.lastname@example.org