Learn how to make your working environment secure against cyber-attacks
Ever since the first UK lockdown 2 years ago, many of us have become acclimatised to the work from home lifestyle. Many companies have adapted their business to incorporate more flexibility when it comes to how employees.
Whether they work entirely from home, exclusively in the office or utilise a hybrid structure, more people are making the change to their work life.
While there are clear benefits of working from home (Less cars on the road, no lengthy morning commutes, and more money in your pocket!), there are also some downsides. One of the most dangerous disadvantages to working from home is leaving the company vulnerable to cyber threats.
Companies keep their data safe by implementing technical and policy related measures at the office. These protections can include installing antivirus on all devices that hold company information, creating a strong and realistic password policy for employees and frequently taking backups of important company records etc.
However, with employees now working from home, firms must secure home their employee’s home working environments to continue protecting their critical information. Let’s look at some tips you can implement to secure your environment:
Apply updates where possible
From your operating system to your web browser, all software needs to be updated so it can be protected from cyber threats.
Whenever a vulnerability is found in a software package (Microsoft word, Google drive, mail clients etc.), they fix the vulnerability. Software vendors will then send out this fix to all users in the form of an update.
Your software will only be protected from that vulnerability if you choose to apply the update. Otherwise, you could be making yourself and your firm vulnerable to a cyber threat that could be easily avoided.
Always apply software updates wherever possible. If your IT is handled by a 3rd party supplier, always check with them before applying updates.
Avoid using personal devices for work
Many employees will consider using their own devices for work for a variety of reasons. However, using personal devices to access company services could leave you exposed to cyber threats.
As mentioned, firms will add technical security measures on work devices to protect client information. However, these protections may not be in place on your personal device.
Attackers will have an easier time accessing client information through your personal device instead of targeting your work device.
You should avoid using a personal device for accessing work information. If you need to use a personal device to access work related information, make enquires with your IT team. They can setup appropriate technical protections on the device that ensure your data and the firm’s data is protected.
Ensure your router is up to date
Your router is responsible for connecting devices in your home to the internet. If the router is out of date or unsupported, it means that it will not be protected against the latest cyber threats.
You can check if your router is out of date by visiting the manufacturer’s website. If the router is out of date, contact your internet service provider (Sky, Virgin, TalkTalk etc.) and they will be able to provide you with an UpToDate router.
While replacing a router can seem like a pain, it is an important part of securing your home network. Neglecting this can lead to unnecessarily exposing yourself and your firm to attacks.
Your router’s password should also be changed.
Many internet service providers use set methods for generating passwords for routers. These methods of password generation are known to hackers. They can use this of method generating passwords to improve their chances of determining your router’s password.
Change the router’s password to something more secure and less predictable.
Utilise access control
Access control means you limit who as access to company information. For example, Marketing employees should not have access to payroll information.
No-one at the company should have access to every department’s information. This system segregates the network and protects other departments from being exposed during an attack.
If a hacker gains access to a user’s account who works in the marketing department, the payroll information is still protected as users in marketing do not have access to it.
Using access control will help protect your employee and client information from being exposed if a hacker accesses a user’s account from another department.
Use Multi-Factor Authentication
One of the most important security measures you can utilise. Multi-Factor Authentication adds an extra layer of security whenever you log into a service, system, or program.
Instead of asking for just a password, the service will ask for a password and a Multi-Factor Authentication code. This will be sent straight to your phone, once setup properly.
Enable Multi-Factor Authentication wherever possible. Even if an attacker somehow gets access to your password, they will not be able to login without your phone.
You should ideally have the multifactor code sent to your work phone. However, if you do not have a work phone, you can set it up on your personal phone. Just make sure you check with your IT team first.
The code sent to the phone on its own is useless without the password. So, if the phone gets stolen, there is no risk of information exposure without the password.
Use cloud services
Cloud services are an effective way to control the access of firm’s information. The information is stored on servers provided by a vendor, these servers are protected by the vendor and your IT team.
Once setup correctly, users can just access that data without any of it being stored on their devices.
Users must login to access the information stored on the cloud. If you use cloud storage and multi-Factor authentication, it will help limit who can access the information and prevent unauthorised access.
Get Cyber Essentials
Cyber Essentials is a certification that shows that your firm has defences in place against the most common cyber-attacks. Getting cyber essentials will help you attract new business because potential clients will have confidence that you are taking steps to protect your client’s information. It may also open some other business opportunities as Cyber Essentials is a minimum requirement to tender for many government contracts.
While getting Cyber Essentials can take time, depending on the size of your firm, you do not have to struggle through the process alone. Lugo are running the Funded Cyber Support for Accountants Programme to help you through the process with free support available.
If you are interested in the opportunity, please click here to find out more:
Funded Cyber Support for Accountants – it’s 100% FREE from ICAS Partner (lugoit.co.uk)