Remote work is here to stay, making cyber security an important issue for small and medium enterprises (SMEs). Here are some ways to protect your business (and employees) against cyber security threats.
Twenty-two percent of business owners we surveyed in the UK are concerned about cyber security with employees working from home—and their concerns are valid.* The swift shift to remote work in 2020 left businesses, and their remote employees, exposed to a variety of cyber security threats.
In a different survey, nearly two-thirds of UK companies (64%) report that most of their business has been conducted virtually since the start of the pandemic**, and because of this, one in five SMEs have fallen victim to cyber security attacks in a three-month period in late 2020.
The connection between remote work and cyber security risks is not one businesses can afford to ignore for long.
Here are three things you can do to protect your employees and, by extension, your organisation from falling for a cyber threat.
1. Communicate regularly with employees about best practices
All it takes is one person clicking one link, giving malicious code an opportunity to make your business vulnerable to cybercriminals. Your employees are both your number one line of defense against cyber security threats and also your weakest link (full research available to clients).
Employees are scattered, relying on their personal internet connection and are likely sharing it with partners, roommates, students, and family members. They might be feeling pandemic-related stress and burnout from remote work. Yet, their role in protecting the organisation from cyber threats is more important than ever, making it critical for business leaders to make cyber security training for employees an ongoing priority.
According to a Verizon report, one out of three data breach incidents involve insiders (your employees or partners) exposing confidential information.
Regularly communicating best practices can help keep cyber security at the forefront of employees’ minds, reminding them about basic dos and don’ts. Your security awareness plan may include longer workshops or regular newsletters that include cyber security tips.
Other simple best practices include avoiding unsecured public WiFi networks, practicing how to recognize phishing attempts, changing passwords regularly, using multifactor authentication, and using a virtual private network (VPN) when connecting to the internet from a private connection.
Continuously communicating these guidelines to employees on a weekly or monthly basis can help keep the information fresh in their minds and, as a result, keep your business safe from threat actors.
2. Invest in the right security technology
Twelve percent of UK companies reported needing new security software since the beginning of COVID-19, and it’s not too late to invest in the right tools.
You’ll want to assess where your security strengths and vulnerabilities lie and what tools you already use, if any. This will make it easier to identify which remote tools will be most beneficial. Below, let’s take a look at some software platforms that can strengthen network security.
Endpoint security software can help protect network servers and devices such as laptops and mobile phones. It can detect and block malware, help prevent a ransomware attack, and assess the safety of any files that are downloaded.
Virtual private networks (VPNs) add a layer of security for those relying on their own internet connection by encrypting data sent through web servers. Companies may require the use of a VPN if remote employees access confidential information, client information, or the company’s intranet.
Most data breaches are linked to weak passwords. Password management software can help employees generate strong passwords and securely save passwords.
Software updates are important for security. Encourage employees to update immediately rather than postpone their software updates. Patch management software can help businesses manage updates and reminders to remote workers.
Multifactor authentication tools add a layer of security by requiring a passcode or biometric information, in addition to passwords, in order to access business accounts.
Adding security software and technology to your cyber security arsenal can give your business's security strategy an added layer of protection. These tools can help employees work more securely while remote.
3. Create a cyber security incident plan
By training your employees and adopting security software to add extra layers of protection, you’re doing everything you can to mitigate cyber security risks. Even with these measures in place, however, your organisation can fall victim to a data breach.
Yet only 37% of businesses have a cyber attack response plan, according to Gartner (full research available to clients).
If an attack happens, there needs to be a plan for how to handle it. For example, if an employee clicks on a phishing email mistakenly, who should he or she contact in the business? Then, what should that point of contact do to inform the larger company and minimize the impact on your business and its data?
When creating your cyber security crisis management plan, be sure to keep it as simple as possible, incorporate existing and emerging threats, consider critical infrastructure, and test the plan regularly to make sure it runs smoothly.
Within the plan, be sure to form a response team, define what type of incident will trigger the plan, and create a crisis management flowchart that shows what actions should be taken and when.
You should also create crisis communication templates that you can use to save time when a crisis hits, and clearly define roles and responsibilities in the plan for each member of the response team.
Be sure to also communicate this plan to all employees by letting them know who they should contact should they accidentally click on a phishing email or malicious link.
A holistic cyber security strategy can protect your business
Protecting your business against cyber security threats means fortifying your business on all fronts.
This means taking all of the above steps to ensure that you are fully prepared to both prevent and handle cyber incidents. Train your employees on cyber security best practices, so they know what a phishing email looks like and what to do when they receive one. Add security software tools for that extra layer of protection for your sensitive data.
And lastly, while all of the above steps are great ways of mitigating cyber attacks, a crisis management plan is the last line of defense. If the worst happens, everyone knows what their role is to fix the problem.
All of these together create a secure environment that you can continue to operate within, feeling comfortable and confident.
*Data for the GetApp New Business Model Survey was collected in November 2020. The sample comes from an online survey of 1,851 respondents who live in the UK. The survey data used for this article comes from 539 participants who qualified to answer. The information in this article corresponds to the average of all surveyed participants. The criteria for participants are: owner, founder, or another head role, C-suite executive (e.g., CEO, CIO), or president or vice president.
**Data for this study was collected in December 2020 from an online survey of 541 respondents who live in the UK. To participate in the survey, respondents had to be employed full-time in one of the following roles: owner, founder or other head of an organisation, C-suite executive (e.g., CEO, CIO), president or vice president, director, manager, working for a company of up to 250 people, and/or working at the organisation during the COVID-19 pandemic.
Note: The applications selected in this article are examples to show a feature in context, and are not intended as endorsements or recommendations. They were obtained from sources believed to be reliable at the time of publication.