This blog post was written by Nick Viney.
With more and more businesses offering employees the opportunity to work outside of the office, it’s no surprise that IT departments are becoming increasingly nervous about the dangers of remote working. As this method of boosting staff morale becomes common, sensitive company data has the potential to be in various risky locations outside the remit of the office safe zone. We’ve rounded up some key areas that all businesses should be focusing on to stay ahead of the game especially when their reputation could be at risk.
Recruiting talent and training
Employees that work outside the four office walls, exposes businesses to the risks of data theft and fraud, even from a distance. By assessing the risks associated with all types of remote working, it’s good practice to train and advise staff on the impact of their actions, otherwise, it’s easy to lose sight of rules and procedures.
Due to the ongoing issue of too few people with the ‘right skills’ in the tech sector, the future to success may be to merge human and machine learning. This could not only reduce the gap, but allow businesses to remain on the front foot against cybercriminals. Without it, we’re could be wasting valuable time that could otherwise be used for innovation and proactive threat hunting.
With emails and the web being the most common form of digital comms in a workplace, staff must be educated on the key giveaway signs in spotting, flagging and reporting anything that looks suspicious. By sharing the responsibility and encouraging employees to flag anything suspect, you’re naturally raising awareness internally and warning others from falling into similar traps – openness is the key, and this way you’re always one step ahead of those with malicious intent.
You must also have trust in the people that work for you. In the “second economy,” trust is key to the success of a business and the prime casualty of conflict. Without it, you may be putting your company, its data and even your other employees at risk. By evolving both technology and organisational culture, businesses would naturally become more cohesive and share responsibilities where no one can do it alone – ‘Together is Power’.
By ensuring that all systems holding any business related data are fully equipped with firewalls and protective software, you’re reducing the risk of data breaches. Teams must work together to ensure tools can operate collectively to protect and detect potential threats. With some data being too sensitive to be outside of the office walls, it’s useful setting up staff accounts with permissions that limit data or deny staff from accessing it remotely.
Security must be taken seriously – from the CEO’s desk to the end user. This is especially prevalent with employees coming and going constantly in a business – Employers must have strategies in place to ensure accounts are deactivated and activated at any given time. Although it’s still early days, we may see GDPR being an opportunity for security transformation across businesses where a culture of privacy is compulsory.
The Cloud has become an integral part of business, however, its advantages come with its own share of high risks. It’s important to note that each additional data storage site increases your exposure to risks, therefore the number of places you’re storing data should be kept at a minimum. By regularly monitoring for any potential threats and implementing a strong security plan with your employees, you’ll have much greater control of your assets. When you have control, especially focused in one dedicated place it’s easier to locate where security is weakest, identify new gaps and mitigate risk quickly.
With the number of businesses offering flexible working increasing, the risk of vulnerabilities is becoming greater. Employers must take responsibility for how staff are administering their first line of defence and consider what policies they need to put in place to concede to these demands in the safest way possible.
To keep up-to-date with the latest cybersecurity news, take a look at the McAfee Security blog here.