Cyber security for remote workers

There has been an abrupt shift to remote working in the UK and beyond as a result of the Coronavirus pandemic.

Even companies that had never previously had staff working from home have adopted some form of remote working and the trend looks set to continue. A survey of nearly 1,000 firms by the Institute of Directors, published in October 2020, showed that 74% plan on maintaining the increase in home working.

The switch to remote working can result in big changes for both businesses and employees. While many will have reaped the rewards of remote working, such as increased productivity and a better work-life balance for staff, it can also create new risks, including to a company’s cyber security.

To help with improving cyber security for home working here are some steps to consider:

  • Put in place clear policies and procedures for staff who are working at home – these should cover topics such as accessing and handling data. Also, consider creating written guides for staff on any software that they’re using for the first time to help them work from home - this may be especially helpful if your IT team is over-stretched.
  • Remind staff of the need to use unique and complex passwords – the National Cyber Security Centre (NCSC) recommends using three random words together as a password. Also, use multi-factor authentication where available for an extra layer of security.
  • Educate staff about avoiding email scams – cyber criminals have been sending ‘phishing’ emails - often linked to Coronavirus – to try and trick users into clicking on a link, which if clicked on could lead to malicious software (malware) being downloaded. These messages can be quite sophisticated and may even appear to come from someone within the company, so ensure employees know not to click on them, how to identify them and then what to do.
  • Use a Virtual Private Network (VPN) – these enable remote users to securely access your company’s files and other IT resources. If you’re already using a VPN, make sure it’s fully patched, which basically means that it’s updated.
  • Verify user identities – ensure that you can verify the identity of all users before they access work applications. This can be done using multi-factor authentication such as a push message sent to employee mobiles for them to accept.
  • Ensure video conferencing security – video calling has become a popular way for teams to stay in touch, but it too has security risks. Use appropriate and secure software, such as Microsoft Teams, and use security settings to restrict access to meetings using passwords. This way you can control when people can join the meeting, or who is allowed to share their screens. Also, beware that phishing links can be shared by malicious people in the ‘live chat feature’ of video calls.
  • Beware of the risks of removable media – removable media is anything that can be plugged into a computer, from a USB stick to a smartphone or tablet. Sensitive data can be lost, or malware introduced into your systems via removable media. Take steps, including using antivirus tools where appropriate or offer other tools for employees to use when transferring files.
  • Have a plan in place in case devices are lost or stolen – this can occur easily when staff work remotely. To protect data on the device if this happens, make sure your devices encrypt information and data stored on them – this just means the device automatically scrambles it to make it unreadable to unauthorised users. Also, encourage staff to report any losses as soon as possible.

These tips are just a start – if you need further support, we have partnered with cyber and privacy experts CyberScout to offer our small business and small farm customers free access to a 24/7 cyber helpline until 31st December 2020.

To receive guidance on managing cyber risks or support following a cyber incident in your business, call CyberScout’s 24/7 free helpline on 0800 069 8203, ensuring you have your NFU Mutual business policy number to hand.

What you need to know

This is a helpline advice service only provided by CyberScout on behalf of NFU Mutual for customers who do not have a commercial cyber policy, with an annual turnover up to £3 million and fewer than ten employees. When you call, the scope of your cyber query or incident will be assessed in your initial consultation with CyberScout. If the team are unable to resolve your query over the phone, you will receive a full quotation from CyberScout to liaise directly with them and access the full range of services and support available.

It is not an insurance cover, and any additional costs and support are not covered by NFU Mutual, nor are these costs recoverable under your NFU Mutual insurance policy.