SUMMARY:
- Remote work has saved Sydney commuters $5.6 billion
- There is a greater risk of cyber security threats when working in an uncontrolled, out-of-office environment
- Poor cyber hygiene impacts profit and can damage your brand
- Tools, education and sound internal policies can be used to prevent breaches
The idea of the ‘traditional workplace’ has transformed. As employees and businesses adjust to the “new normal” and the flexibility of hybrid work environments, so too should your cyber hygiene practices.
Cyber hygiene refers to the ongoing practice of routinely and repetitively assessing and preventing cyber security threats in all aspects of a work day. Similar to the practice of daily hygiene routines, a business needs to become so proactive in managing cyber security from the top down that it becomes as habitual as brushing one’s teeth.
There are significant benefits to remote working, including increased productivity and cost savings, but it has also become easier for hackers and cybercriminals to gain access to company and client data through unregulated at-home office environments.
At National Audits Group, we employ staff on both an onshore and offshore basis, with multiple teams working remotely. We understand first-hand the importance of taking data security seriously and being proactive about data protection. This is why our team follows these guidelines thoroughly to protect client data and prevent breaches or attacks, and how we know your company too can create healthy data hygiene habits.
Let’s explore how remote working became the “new normal”, the best ways your business can go about ensuring all staff are practising good cyber hygiene while working from home and the implications of poor cyber hygiene on your business.
Remote workforce the “new normal”
Remote working is here to stay, with increasing numbers of employees favouring companies that offer hybrid environments, and more companies willing to offer that flexibility. As a result of the work-from-home restrictions during the pandemic, as well as the advancement of communication technologies, remote working has never been so accessible.
Not only have work-from-home policies helped Sydney commuters alone save $5.6 billion previously spent on travel to and from work, but employees have reportedly spent almost a quarter (22.3%) of the time reclaimed from not commuting doing additional unpaid work.
In fact, a global study by the CSIRO found that the Australian worker would now factor this average saving of $10,000 per year from not commuting into which employer to choose when job hunting. This means that allowing remote work could be the difference between just filling your vacant positions and attracting high-quality candidates and, most importantly, retaining them in your organisation long term.
Remote work has its perks for employees, but it also has cost-saving benefits for businesses. The most obvious is reducing overheads, like utilities, rent, rates, and office supplies – especially if you downsize your commercial space. There’s also an opportunity to reduce spend on catering, cleaning, and other business expenses.
Whether you’ve allowed employees to continue to work from home on a full-time basis since March 2020, or you’re considering switching to a hybrid model, it’s crucial you establish solid cyber hygiene practices to avoid cyber threats and data breaches.
Best practices for good cyber hygiene in remote work environments
While it’s inevitable that human error and the occasional mistake can occur, good cyber hygiene while working from home is about minimising this risk. By starting with the fundamentals, you can ensure the foundation is laid to prevent these adverse impacts on your business growth or brand. Antivirus software provider Norton advises that good cyber hygiene involves “three basic principles”: using the right products and tools, performing tasks correctly and establishing a routine.
1. The right products and tools
There is a multitude of cyber security software and services that businesses can employ to prevent cyber attacks and scams, including but not limited to antivirus software, anti-malware software, network firewalls, VPNs, network security monitoring tools, managed detection and response services, encryption software and penetration testing.
Cyber security software not only helps to protect networks and personal data from attacks, but can also boost customer confidence. It’s not uncommon for websites that acquire customer data, especially ecommerce sites, to list the protective software they have in place.
It’s crucial that employees regularly update software, such as apps, web browsers and operating systems. These updates help ensure the platforms your business uses have patched any errors or security gaps. Allow automatic updates as a feature so your team can set and forget this task.
When it comes to the right tools for your cyber hygiene, passwords are key. Strong passwords must be used by all employees across all working platforms, especially when using at-home Wi-Fi. It’s advised that passwords are at least 12 characters long and include numbers, symbols, and capital and lowercase letters. When laptops are in a home environment where anyone can access them, strong passwords keep business data secure. Password managers can come in handy here.
It’s also recommended businesses use two-factor or multi-factor authentication for an extra level of security. This involves using more than just a password, such as a code sent to a smartphone or even fingerprint and facial recognition, to log in to a platform.
All of these tools used together are the first line of defence to prevent cyber attackers from accessing customer or corporate data while working remotely.
2. Performing these hygienic tasks correctly
Onboarding employees with in-depth education and training is crucial for practising good cyber hygiene. The Australian Cyber Security Centre (ACSC) provides a suite of resources to train employees, including a specific resources page for remote work. This includes publications on the risks associated with remote desktop clients, the proper usage of Virtual Private Networks (VPNs), and how to secure web conferences (online collaboration tools like Zoom).
For example, web conferences for team collaboration are inescapable in remote working environments, so the ACSC recommends businesses practise the following activities:
- Configure the web conferencing solution securely
- Establish meetings securely
- Be aware of unidentified participants and surroundings
- Only share what is required
You can also use integrated security platforms that provide employee training, such as KnowBe4 or Mimecast. These platforms can explore anything from simulated ransomware and phishing attacks to password exposure tests.
It’s not enough to understand how to avoid these attacks; you need to do so effectively across the business. And as part of good data governance, you want to ensure that duties around cyber security are spread across employees so that they are not in too few hands. For example, if one employee holds all company passwords, this is a significant security risk.
3. Establishing a routine
To make any cyber hygiene routine stick you need to establish a routine of practising it. Repetition is key here, even outside of the office.
Start simple by setting calendar reminders for employees to update their software, use antivirus software to scan for viruses and update their passwords until it becomes a habit. Regularly cleaning the data on devices is also a great habit to establish, as many employees may not realise that simply deleting a file does not permanently remove it. Data-wiping software clears out data you no longer need, and regularly doing so can prevent data breaches.
Consider regular testing, such as quarterly or biannual assessments through any of the integrated security platforms mentioned above, to make sure employees are keeping up with these cyber hygiene practices and are up to date with the latest security threats. As part of the onboarding process, consider monthly updates to all employees around the latest cyber security information.
The impacts of poor cyber hygiene on your business
While there is a range of benefits to remote work, it also means decreased visibility and limited interaction from IT and other internal security experts, leading to a higher likelihood of cyber attacks and data breaches.
Employees working from home may also be less likely to report cyber security issues or data breaches – especially if they’re lacking the education around how to identify these vulnerabilities in the first place. For example, an employee may be less likely to ask IT about a potential phishing email when working from home than in the office because of the lack of face-to-face communication.
The financial impacts of cyber attacks on your business can be monumental. The IBM-Ponemon Institute Cost of a Data Breach Report 2021 found that work-from-home arrangements last year did make companies “more vulnerable” to cyber attacks. The report also found that reported data breaches involving remote workers cost businesses $1 million more on average than those that didn’t involve remote workers.
In fact, one financial services company was recently forced to pay $750,000 in costs to ASIC due to repeat breaches. It will also have its “hand held” through a detailed security audit after its poor cyber security was found to be in breach of the Corporations Act.
Not only can the monetary impacts be severe, as per the example above, but poor cyber hygiene and regular data breaches also lead to brand damage, loss of trust from clients and loss of new customers. And with ‘online’ being one of the most popular ways customers do business nowadays, data breaches are even more likely to scare off future sales if they occur.
Learning to adapt to modern challenges, like hybrid or full-time remote work environments, is all part of the journey of supporting a business. And just as this new working model has its benefits, you have to be proactive about the potential risks of cyber attacks and scams when staff are remote working.
Practising good cyber hygiene is all about routine and repetition. Making a habit of positive behaviours, like allowing automatic software updates, regularly running antivirus programs and frequently changing passwords, should help to keep your client information and company data safe and secure in a remote work environment.
Steven Watson
Managing Director