Why remote working has exacerbated cyber-security concerns

Posted by Richard Forrest, a senior associate at Legal Futures Associate Hayes Connor ^[1]

Forrest: Data breach claims may become more frequent

The ‘rule of six’ has been in place since 14 September, with fines levied for those who break it and now we are seeing even more drastic restrictions reimposed. So what does this mean for the UK’s cyber-security?

Covid-19 changed the way we live and work at the drop of a hat, meaning firms and individuals alike have had to adjust to a new way of life. This increased our reliance on technology which, in turn, increased our risk of falling victim to data breaches.

Now, with people heading back into a lockdown-esque situation, experts within the field fear that individual data breach claims ^[2] may be pursued more and more often. But why exactly is this, and how can we tackle the inevitable cyber-security issues we face as Covid-19 progresses?

Why is cyber-security a bigger problem with remote working?

I’m sure you’ve heard it said many times by now that remote working makes cyber-security threats much more likely. Let’s look at why.

For starters, transitioning speedily to a remote working situation without having the proper infrastructure to do so was always going to be risky. That said, it couldn’t be helped in the circumstances.

The smartest business owners chose to adapt to ensure their companies and clients were as safe as possible during this time. They made sure to invest that extra time and money into transitioning everyone effectively for a long-term work-from-home structure. Employers that did so made sure that their employees:

• were working on a VPN: home wi-fi poses the risk of being easily hacked into, so accessing company information through connecting this way is a risk. Instead, a VPN provides a secure internet connection which is much more difficult to hack into;
• were working on company laptops: personal laptops are much less secure than work laptops as they often have little security, and are usually outdated, making them much more likely to risk cyber-attacks;
• had malware protection installed on their laptops: most personal laptops will have minimal malware protection installed, if at all. So, anyone working on them are at a much greater risk of falling victim to hackers. For those who could not provide company laptops, being sure that all staff were working on a protected home laptop was key; and
• updated their laptops frequently: it’s thought that those who keep their devices consistently updated are less likely to experience an attack. Being sure to do this, and that all employees do the same, was paramount.

That said, many company owners did not adapt, and still haven’t done so, leaving their data at even greater risk. This might have been due to a lack of time during this stressful period, a lack of funds to do so, or a lack of knowledge on the gravity of this situation.

Either way, a large number of small businesses are still unequipped with the necessary tools and knowledge to successfully avoid a breach. It’s also thought that over 77% of UK companies ^[3] do not have an incident response plan. So, if the eventuality occurs, a plan of attack is lacking.

Other reasons why the pandemic increased the risk of cyber-threats

It’s not just working from home that poses a larger threat to companies. The world became drastically more reliant on technology when lockdown hit, resulting in people changing their habits altogether. Now, people have been, and are still:

• communicating predominantly through video chat software, like Zoom and Facetime;
• shopping online more so than before;
• using test and trace, and therefore handing personal data over to more businesses, many of whom will not be used to handling customer data in this way;
• downloading apps to order food in pubs and restaurants; and
• spending a lot of time at home, so becoming a lot more susceptible to scam emails and phone calls.

To top this off, the number of home devices in the UK is increasing ^[4], leaving people more and more vulnerable every day. What’s more, smart homes are becoming the norm, so the question is: are they listening to you?

We’re now in a melting pot of potential cyber-threats. This is why it’s so important, now more than ever before, to take the necessary action against them.”

How can we avoid cyber-security threats whilst working from home?

The seriousness of this can’t be overstated, which is why individuals and companies alike must take the action to protect themselves.

What can I do as an employer?

You have a responsibility to ensure your data is protected, and your staff are in the know. These tips should be in place even without people working from home, but are especially important now:

• Provide secure passwords ^[5] on the arrival of new employees;
• Set up multi-factor authentication on all systems;
• Set up all work PCs and laptops so they go to sleep automatically after a couple of minutes without use;
• Install malware security software on all computers;
• Provide work laptops;
• Provide training sessions on all things GDPR, including how to recognise malicious emails, how to send an email correctly to avoid a data breach, how to handle company information, and more;
• Be sure to monitor all of your accounts regularly, including emails and bank accounts;
• Contact the correct organisation if you are notified of or detect any suspicious activity;
• Make sure your company has a VPN ^[6], and that all of the staff are connected to it for everything work related; and
• Use PayPal when providing or paying invoices from any unknown entities.

What can I do as an employee?

Although it won’t necessarily affect you personally if your firm’s is data is breached, it is your responsibility to ensure this doesn’t happen, for the sake of your firm and your job. So, here are some actions you can take, as an employee, to protect the data where you work:

• Use the secure password provided by your work colleagues on arrival for everything work related;
• Don’t divulge any business information to anyone outside the company;
• Be sure to update your devices and software regularly when suggested to do so;
• Don’t use your work laptop for personal things;
• Don’t use your personal laptop for anything work related;
• Let your employer know if you notice any suspicious activity;
• Don’t overshare online;
• Use https:// URLs when browsing to ensure they’re secure;
• Be sure to stay on the VPN for anything work related; and
• Shred any sensitive documents.

What to do if you’ve been a victim of a data breach

Although many firms have been, and still are, going back to normal by sending people back into the workplace, everything has changed. With so many people still working from home, it’s down to you to do your bit to ensure your firm remains safe from any cyber-security threats.

That said, even with all of these actions, the threat of exposure is always there. But if you follow the steps above, you should remain as safe as possible whilst working from home. The question is, have you put all of these safeguards in place to avoid falling victim?