How to prevent cyber-attacks on remote workers

With more and more staff working remotely due to the pandemic and, with many companies planning to continue that practice once the pandemic is over, cyber-attacks are becoming more of an issue for businesses. When working in the office, it’s easier to get help if something goes wrong and the IT department can more easily protect staff with standard IT practices. When employees work from home, however, there are more risks involved, simply from employees not knowing enough about cyber-attacks and how to protect themselves.

So, what do remote workers need to know and how can they lessen the chances of a cyber-attack?

What are cyber-attacks and how can they affect remote working?

There are many ways malicious people can attack a business, including SQL injections, denial of service attacks, malware, ransomware, phishing scams, and more. You can find out more in this helpful article from the National Cyber Security Centre: https://www.ncsc.gov.uk/information/how-cyber-attacks-work.

The object of these attacks is often about obtaining money or data. Criminals may divert payments to themselves, steal intellectual property, acquire sensitive data, such as credit card information or block access to computers until a ransom is paid.

Cyber-crime can be highly damaging to businesses, not just with the cost and time of putting systems right after an attack, but in terms of fines from the Information Commissioner’s Office (ICO) if customer data has been breached, loss of reputation and trust, loss of customers and investors and, potentially, even closure of the business.

Upgrade your malware protection

There are a number of antivirus programs, including Avast, Bitdefender, AVG and Kaspersky. These programs can definitely help protect your devices against malware, however, your IT department really should be providing a preferred antivirus program to all employees, whether working in the office or at home.

A good antivirus program should offer browser protection, email security, virus quarantine and removal, regular system scans, and behaviour-based detection. Even better if they include a firewall to block any threats on your network, and a VPN to encrypt your IP address and web activity.

The main thing with these programs is that you need to have one on every device, keep them updated, and set them so that scans run regularly, without you having to remember to scan your devices. Out of date antivirus programs that are never run might as well not be on your computer.

Only use devices provided by your company

If you’re using your home computer and mobile phone to access your company network and send and receive files and information, you are putting your company at risk of system breaches and viruses.

Home computers are generally not as well, or as easily, protected as company-only devices that have been set up by a professional IT team. You, or the kids, may click on a phishing email by accident or follow a link to a fake site, opening your computer up to viruses, scammers and more.

Stick to using devices provided specifically for work and don’t use your personal email to conduct company business. Whatever guidelines and rules are in your company’s Remote Working Policy, you do need to follow them to keep your company’s systems and data secure.

Don’t let others near your work devices

It’s so tempting to just let the kids play a game on your work laptop or to let other family members use it to browse the internet, but it’s too easy to click on the wrong thing or download something that can infect your work laptop, potentially opening up any sensitive data to criminals.

There’s nothing to stop you from working in a coffee shop if you want to, but use a VPN so you don’t have an open Wi-Fi connection, don’t leave your device unattended, and take care that members of the public can’t see your screen.

Secure your home broadband

When working from home, you have to use your home broadband rather than relying on a much more secure connection at your office or place of business. The problem with that is, unless it’s set up properly and secured, your home broadband could easily be a target for criminals, who can not only get their hands on your own personal data, such as your bank account logins but any sensitive company data that might be on your devices.

It’s easier than it might sound to protect your home broadband and make it more difficult for hackers to get in, with the first steps being to change the name of your router and give it a really strong password. If you’ve ever connected to your broadband and seen a list of possible connections, including Plusnet, Virgin, and other broadband companies, these are routers where the owner hasn’t changed the name, showing anyone who cares to look who they get their broadband from and, for hackers, possible default passwords for their router.

Here’s some great advice from Norton on what to do: https://us.norton.com/internetsecurity-iot-keep-your-home-wifi-safe.html.

Regularly back up your data

Your company IT department should be providing a regular, secure business backup for files and data on the network, but if you’re working on files that are saved to your own device, rather than the network, these won’t be part of that backup, so you need to make sure you back everything up, too.

How?

• You can use File History on Windows 10 to backup your files to a USB or external hard drive.
• Backup online with a service like Carbonite or Backblaze.
• You can backup to cloud storage, like OneDrive on Microsoft 365, Google Docs or Dropbox.

We recommend that you use several ways of backing up your data to ensure your files are safe.

With the right care, it is possible to increase cyber security and help mitigate cyber-attacks against remote workers, with a mix of good IT support and employee education.