It’s that time of year again – the weather is as unpredictable as ever, and we can rely on one fact – it’s going to be freezing cold. With erratic weather, there may be days when it is simply not safe for your employees to travel to the office. At such a busy time of year, this could have a big impact on your business: loss of productivity, delays in getting quotes out to clients or in processing payroll. This is why business owners need to have policies in place for staff working remotely. Among the many factors to consider, below we list the best Cyber Security practices you need to protect your company.
Business has no business on personal devices
As cute as it may be to have screensavers of family pets in the background, personal devices are just not safe enough to use for business purposes.
It should be clear to employees that if they plan on catching up on some work from home AND are using a personal device such as a smartphone or personal laptop to log in to your network – DON’T! Unless their personal device is properly set up with a secure VPN and has a business-grade endpoint security product installed, they could accidentally introduce malware or another cyber attack to the company’s network.
ONLY devices that have been properly set up by your IT provider should be used to work remotely. We can set up a way for your staff to work from home securely; call our office on 01738 237001.
The ONLY thing you should use your company’s workstation or PC for is…WORK!
If staff have a company laptop or smartphone, then personal web surfing and social media should never be allowed on these devices. If there is a need to check Hotmail or Facebook, it should be done outside of business hours and on THEIR personal devices. Over 600,000 Facebook accounts are hacked every day. If employees are using a company device to access a compromised account, they’re opening up a door to a hacker who can then get into your company’s network via e-mail or PC. Bottom line – don’t use company PCs, devices, phones or Internet for personal use.
Don’t download ANYTHING you’re not authorised to download
So, there’s a file that needs to get over to the printer YESTERDAY and it won’t “send” via e-mail because the file is too big. What should be done? The right thing to do is contact your IT department so they can assist by installing a secure, commercial-grade file-sharing application. What shouldn’t be done is download Dropbox or some other file-sharing software without telling us. Dropbox and other free apps come with a price: SECURITY. These applications are known for security vulnerabilities and hacks. Plus, if we don’t know about it, we can’t manage it or secure it; so the golden rule is this: NEVER download any software or application without checking with your IT department first!
The RIGHT way to connect remotely to your work PC or server
If staff are on the road and need to access a PC or server remotely, they should NOT use GoToMyPC, LogMeIn or similar sites. To be safe, they should ONLY use a secure VPN (virtual private network) set up by your trusted IT company.
The #1 threat to your security is…
People. Like it or not, we are our own worst enemies, inviting hackers, viruses, data breaches, data loss, etc., through the seemingly innocent actions taken every day. In most cases, this is done without malicious intent – but if you as a manager or owner aren’t monitoring what websites your employees are visiting, what files they’re sending and receiving, and even what they’re posting in company e-mail, you could be opening yourself up to a world of hurt.
That’s because employees’ actions can subject the company they work for to monetary loss, civil lawsuits, data theft and even criminal charges if they involve disclosure of confidential company information, personal data, transmission of pornography or exposure to malicious code.
Two things you can do: First, issue an Acceptable Use Policy (AUP) to outline what employees can and cannot do with work devices, e-mail, data and the Internet. That way they know how to play safe.
Second, implement ongoing Security Awareness Training to keep staff vigilant. You should also run regular phishing security tests and score your employees. That will truly show if they know how to spot a suspicious e-mail, and will make them realise how easy it is to be duped.
94% of users don’t know how to tell the difference between a genuine email and a phishing email
If you need help putting these standards in place, and for any Cyber Security concerns, do not hesitate to contact us immediately. We answer all calls live on 01738 237001.