The work from home revolution: keeping business data safe

Compex IT

Love it or hate it, working from home is huge and here to stay.

As a nation, we’ve really embraced the changes forced upon us by the pandemic. Many businesses have become more flexible with a mixture of office-based workers, hybrid workers and fully remote workers.

Because of this, cyber security in 2022 doesn’t look the same. When you have people working away from your office, you need to take additional security measures to keep your data safe.

If any of your staff works anywhere away from the office, there’s a chance they’re taking unnecessary risks with your data.

Many businesses seem to have this covered: they’ve invested in new company devices, increased remote security and have trained their people on best practice.

But there’s something important some businesses haven’t considered, unmanaged devices; devices used to access business data that the company doesn’t know about.

Your company laptop and mobile are likely to be safe because they’ve been set up properly with managed security.

But what about other devices your team use for work? The ‘other’ laptop used to check emails in the evening perhaps. There’s a risk from virtually all other devices on your team’s home networks.

From games consoles to tablets, most people have an entire household of gadgets connected to the network and almost all of them are at risk of being accessed by cyber criminals.

All a hacker needs to do is access one device on someone’s home network. Often, by the time someone’s noticed something’s wrong, it’s too late. The hacker may have gained access to the Virtual Private Network (VPN) that allows you to securely connect to the business’s data.

This means they can potentially gain access to your business’s valuable data, corrupting it, or even worse, launching a ransomware attack.

What’s the solution?

The answer isn’t straightforward. Unless your business wants to take on the security responsibility of all of your staff’s home networks, and all of their devices too.

Here are four measures you can do to lower your risk of an intruder getting into your business network via an unsecured home network:

Help your team secure their home routers

The router is the box that spreads the internet around the house. You might know it as the Wi-Fi box.

You can give every member of your team advice and direct support keeping their router secure, for example: changing default admin passwords to randomly generated long passwords, making sure the router’s operating system, known as firmware, is always up-to-date and disabling remote access, so no-one can change anything in the router unless they are physically in the property.

You could create a policy to make it clear your team must follow standard security guidance for their home network if they want to work from home.

Make sure your systems are monitored

Your IT support partner should be monitoring your systems. That doesn’t mean having a quick check that everything is working as it should be and waiting for you to flag up any issues, it means they should be constantly monitoring your network 24/7, looking for anything unusual that may cause an issue and preventing problems from escalating.

Unfortunately, cyber criminals don’t work to our schedules. It’s likely that they’ll make changes when they believe no-one is watching, like at 3am on a Sunday. Your IT team needs to be ready.

Reassess your Virtual Private Network

VPNs have been invaluable over the last couple of years. But while they’ve allowed remote access to your business network, the large-scale use of VPNs has created a higher risk of a data breach.

If a hacker breached a device using a VPN to get onto your network, it means they could have full access to everything… without needing to pass further security measures.

An alternative option is to ditch the VPN and take a zero-trust approach.

This means the credentials of every device and person trying to access the network is challenged and must be confirmed. This way, if a hacker does gain access, they can only cause damage to the specific system they have accessed.

Carry out a security audit

The best way to ensure your business is protected from this kind of attack is to get a security audit.

Take a look at the security you already have in place and identify what’s missing to keep your business as safe as possible, without getting in the way of everyday work.

If you’re working with an IT support provider, they should already have a fully detailed account of your security systems. It’s worth asking them what weak areas they have identified and your options for improving them.

An expert will be able to assess your business and the way your people work, and make suggestions on the security measures that will work best for you.