How to Protect Your Business from Cybercrime Now Remote Working Is the Norm
The sudden pivot to remote working exposed how vulnerable many SMEs were to cybercrime. The sad reality is that many SMEs probably still are. The good news is that they don’t need to be.
In fact, it’s often very straightforward to protect against a lot of threats. To get you started, Luke Watts, Director of RoundWorks IT, shares his expertise on how to keep your employees safe whilst remote working.
Assume you’re going to be attacked
Keep all sensitive data encrypted and keep all data backed up. That way, if attackers do manage to infiltrate your systems, your data will still be kept safe.
Understand how the cloud works
In a public cloud, the provider secures the platform against external threats. They also prevent data from leaking between users. It is up to you to secure your data from internal threats. That includes both accidents and mischief.
Build security into your systems
Following on from the previous point, you should now be aiming to integrate security considerations into any systems you run. What this will mean in practice will depend on how bespoke your systems are.
If you’re running “big box” software in the cloud, then really your main defences will be access controls and staff education. If, by contrast, you’re having systems created to your own specifications, then you’ll need to make sure that these prioritize security.
If you’re running software which was created some time ago, then it’s advisable to have it audited for security. You may find that it falls (well) below modern standards. If so, it can be easier to have a whole new system created than to try to update an older one.
Take care of your security basics
A lot of cybercrime prevention really boils down to basic housekeeping. In particular, apply updates as soon as they become available. Even if all your software is in the cloud, you’ll be accessing the cloud from hardware devices. This means you’ll have operating systems and/or firmware to update.
All online-capable devices should be behind a firewall. This includes devices linked to the Internet of Things. All devices with mainstream operating systems should be protected against malware. This definitely includes smartphones and tablets as well as laptops and desktops.
Have all remote/mobile staff connect to your network through a VPN. In theory, this should only be necessary when they’re using public WiFi. In practice, you have no idea how secure their home WiFi is, so it’s better to be safe than sorry.
Remember physical security matters
If someone can get access to a physical device, then they can potentially tamper with it so that it helps them to gain access to your network and data. This is particularly relevant now that many companies are implementing two-factor authentication by means of text messages rather than by means of tokens.
Enforce robust security hygiene
Do not give staff admin access to their computers (unless they actually work in IT). That way they can’t install malware (or use software illegally). Do not allow social media access on work devices. This might have been a reasonable perk in the past, but now your staff can check in to social media on their own devices.
Make sure that all users have unique usernames for each application and enforce strong password policies. Wherever possible, back this up with two-factor authentication.
Educate your staff about cybersecurity
In particular, make sure they know how to identify scam calls and how to keep themselves safe on video calls.