The pandemic forced many businesses to set employees up to work from home – fast. Many small businesses, unprepared for remote working, were exposed to an increased threat of cyber breach or attack: employees used their own devices or shared business and home applications; Zoom calls were breached; data was stolen; and all sorts of scams that would normally be aimed at consumers were carried out on work devices.
With the number of employees working from home likely to rise during the festive season, businesses should be on the lookout for some of the most common threats that still exist when employees work from home.
Even if you have implemented stringent cyber security controls, poor employee practices coupled with a lack of security awareness and training can still leave your business exposed.
Firstly, IT teams in businesses that have remote or hybrid working models in place have more to attend to when it comes to security. With more and more people working remotely, your IT team has more endpoints to secure. This can stretch your IT resources and result in endpoints being left in a vulnerable state.
Added to that, there is a diminishing pool of IT talent. Recruiting well trained and experienced security personnel is becoming a challenge during this ongoing, global skills shortage of IT professionals. You are unlikely to be able to plug resource gaps quickly without bringing in external IT service providers. If your business does not have a qualified cybersecurity engineer, you should consider asking your IT service provider to lead you through a process of making your business cyber secure such as the Government’s recommended Cyber Essentials Accreditation programme.
Most businesses whose employees are set up to work from home, have a VPN in place which means staff have access to the business network, including the internet, via a controlled environment. If staff choose to bypass the VPN using a work device, they are at once exposed to vulnerabilities. For example, employees on holiday over Christmas might choose to shop online using their work device, or perhaps there is a work emergency and the VPN is slow to access email; it might be tempting at this point to share sensitive business information over unsecured channels such as free email accounts. There is no cybersecurity team checking your employees’ home networks.
Poor data practices also come into play; employees might load work data onto their local drives and these might not be encrypted.
If you are finding it hard to resource your IT requirements during the ongoing skills shortage, we can help you to bridge the skills gap. You might also find our recent eBook useful How to Choose a Reliable IT Service Provider . If you think we can help, please get in touch.