10 Tips to Keep Your Employees Safe Online
In 2022 the online landscape has changed radically, the switch to remote working and ‘Bring Your Own Device’ (BYOD) policies imposed by the Covid-19 pandemic has engrained remote and hybrid working into our working practises. Keeping employees safe online has never been harder for businesses.
Easy steps to improve IT security of remote and hybrid workers
- Combination of new BYOD, hybrid and remote working practises have made businesses staying safe online more difficult and more susceptible from cyber-attacks.
- Majority of cyber attacks are successful due to human error – training and protecting your employees is the 1st line of defence for your business.
- Ensure basic security principles are being implemented – strong passwords are used for every account and login, password managers are brilliant and easy tool to use.
- Phishing emails are one of the biggest weak points for businesses. Providing Security awareness training for your employees strengthens your defence against potential breaches.
- Use robust anti-virus software to actively scan and search for potential threats to your devices and data.
How is BYOD and working from home affecting cyber security?
According to figures released by the Office for National Statistics (ONS), in Spring 2022, 38% of working adults in Great Britain had worked from home during the last seven days.
However, prior to the pandemic, the number was just 12%. This transition away from the workplace – which involves workplace IT equipment being taken home – is accompanied by an increase in the number of workplaces now allowing employees to bring their own devices into work.
- 85% of organisations introduced BYOD policies in response to the COVID-19 pandemic.
- 87% of businesses depend upon employees being able to access business apps from their own devices.
The combination of hybrid working and BYOD policies has created a situation in which employees staying safe online has become more important and at the same time more difficult than ever.
The move away from a contained workplace network and a set number of officially sanctioned devices has vastly multiplied the number of points at which cyber criminals are able to attack organisational networks.
Tips to keep your employees safe when working remotely
Make sure that the passwords you use for a workplace database, home shopping or a Wi-Fi connection – are as strong as possible by following best practise:
- Using a combination of upper and lower case letters, numbers and symbols, i.e. S£cuR!ty for security
- Steer clear of consecutive numbers such as 1234 or letters like ABCDE or QWERTY
- Use a different password for each device and each account accessed
- Password managers
If the thought of remembering multiple passwords is too overwhelming, a password manager. This operates as a database of your usernames and passwords which is stored securely. The password manager will auto-enter the correct log-in details when provided with logged in with the correct master password.
Using Multi-factor Authenticators can be a very useful tool when managing your logins and adding an extra layer of security to your accounts. Having employees download and use an Authenticator app from their phones when working remotely or in the office, helps to prevent potential security breaches from weaker passwords.
Email accounts are one of the weakest links in any organisations online security and are constantly targeted by cyber criminals – by a technique known as phishing. Cyber criminals go to great lengths to make sure their fake emails look extremely convincing, employees need to be trained never to click on links embedded in emails, as these could be used to gather details such as usernames or passwords, or to install viruses on the device. Providing security awareness training which includes simulated phishing attempts to employees can help prevent this.
In the same way Hackers create fake emails, hackers will sometimes build entire fake websites designed to trick people into entering their details. Often, the only difference between these fakes and the real thing will be a slightly misspelt URL. Employees should be taught to enter the URL of a website themselves rather than searching for a name and clicking on a link, as the search engine results could lead them to a cloned page.
- Updating Software
The software in place on all devices used by your employees should be kept as up to date as possible. Hackers specialise in finding and then exploiting security gaps and loopholes in existing software as soon as they become apparent, so any patches or updates designed to close these loopholes need to be downloaded and installed as soon as possible.
- Downloading Software
The software you download onto devices should always be from a legitimate source such as the app store on a smartphone or the website of the manufacturer of a device. If you search online for the software rather than going directly to a trusted source, you run the risk of downloading a virus, malware or other malicious programme rather than the genuine software.
- Anti-virus software
Make sure strong anti-virus software is installed on computers and laptops, whether business-owned or BYOD. Strong anti-virus software will include a firewall to stop malware and viruses getting onto a device, and also tools to remove any which manage to get through. Modern smartphones have in-built features which play the role of anti-virus software, and as with all other software, the anti-virus programmes installed should be updated as soon as any patches or updates become available.
- Personal data
Don’t make the mistake of ticking the ‘Remember Me’ box when entering a password or saving payment card details. The function may offer a degree of convenience and save plenty of time, but in many cases the Terms and Conditions agree to include details being sold on to third parties. In addition to this, any data which isn’t stored securely could end up being leaked online in the event of a data breach.
- Secure devices
Make sure that all devices used by employees to connect to the internet – whether business or personal devices – are secured using a PIN, password, facial or fingerprint unlocking. That way, if they’re lost or stolen, nobody else will be able to access the personal information and other data stored on the device.
How can I protect my business from Cyber threats?
If you’d like to know more about how to secure your business against cyber threats then speak to one of our Cyber Security experts.
We pride ourselves in staying ahead of the curve assessing and mitigating new forms of risk.From full remote working solutions to Cyber Security testing, mobile device management and email security. If you are unsure of how strong your business security is, contact our team today.