Make your Employees your Firewalls!
The year is 2021! We have all just been through one hell of a rollercoaster ride with Covid! The last 12 months has forced so many changes to businesses and their employees. A record number of companies have had to pivot their workforce to make them more agile. Remote working and flexible working practices have been fast-tracked, and it is widely assumed that this is here to stay! The ability to work from anywhere, using any device at any time, seems to be the mantra employees want to work to.
Any device, anywhere, anytime mantra does make sense if you want to be a business that can respond to change and be agile. Your employees will most likely be satisfied with the new working practices as they get to reduce their costs of having to travel into the office and save time on their commutes, not a bad outcome, right? Wrong!
From an employee perspective, there are many benefits to be able to work remotely. But from a cybersecurity perspective, it can be the devil’s child! You see, when employees work from home, they will be using their network connections, be surrounded by family, have various distractions and a raft of other things that perhaps would not be present when in the office. As such, the cyber-risk that exists would be far more significant, so you need to understand and mitigate these issues as a business.
Teck Genius has worked with several businesses over the past 12 months to secure and govern their working from home capability. What we have found is that once Users are educated, trained and shown awareness; they have been the biggest assets when it comes to security.
Five common business security risks that Users can be guilty off and what to do to address them
1. Wi-Fi and Networks: Probably the most significant risk of working remotely is how you connect to the internet and other networks. Regardless of whether you are connecting via a Public Wi-Wi or your home broadband, it is highly likely that the security configuration that exists will be significantly lower than your office networks. This means that the risk of snooping, hacking, malware, and packet sniffing is a lot higher and so can compromise your device and data.
The solution to enhance the security when working remotely is to deploy a few security products such as VPN, web filter and aggressive anti-virus / anti-malware solution. Doing so will increase the protection of the device and data. You can also restrict access to non-authorised networks and enforce VPN connectivity to encrypt all network communication.
2. BYOD (Bring Your Own Device): Your business should have a BYOD policy, and this must be supported by tools to ensure access to services is managed and monitored. The risk of non-company devices being compromised is high and so data and credentials could easily be stolen.
The solution to this is to restrict access to company data and services by utilising VPN’s and SSO/MFA solutions that perform checks prior to access to ensure the request is coming from an authorised device.
3. Password Policies: Having a password policy that forces your users to create and use complex passwords should be mandatory. The need for regular time dependency password changes must also be introduced. Doing so can reduce the risk of compromise of “easy to guess” passwords. Sharing passwords must also be discouraged as it opens a host of issues with data access and security.
The solution for password security is to ensure every service has a unique password and that the user is forced to create complex passwords that have a mix of numbers, letters, and special characters. User training around password sharing should also be made available.
4. Device Locking: Your devices are the gateway to your information, so you must always make it that much harder for unauthorised access. The most straightforward way to accomplish this is to have a policy that locks the device after 30seconds to 5 minutes of inactivity. Doing so will ensure that prying eyes will not be able to see or access anything.
The solution for auto-locking is to put in place a group policy on the device that automatically locks the device in the event of inactivity. To unlock the device then; a user has to enter their password.
5. Software Installation Lockdown: Allowing users to install applications can be an enabler for productivity but an absolute security nightmare. The risk of altered download files, already infected files, malware etc is increased if a user can install apps without security oversite.
The above five strategies can significantly reduce your security risk and keep your users and data safe. Using your employees as firewalls and giving them the policies and training to be aware of cybersecurity can be your biggest asset.
We hope this article has provided you with the information you need when it comes to the user and device security.
If you like the sound of the ‘hands-off’ experience and having your IT and Cybersecurity taken care of by highly trained professionals, we would love to hear from you. Call our friendly team of experts on 0345 314 2001 for a relaxed chat about how we can make all this happen for you. Our team is ready and waiting to help in any way they can.
You can also find us at www.teckgenius.co.uk, where you’ll discover our full range of services that help you leverage the power of technology whilst enjoying the cost-savings that it brings. Alternatively, please contact us here