According to a recent study by Morphisec, 49 per cent of employees had never worked remotely prior to the pandemic. While the Morphisec study examines the American workforce, the trends are global – as much as a third of the Australian workforce worked remotely during the height of pandemic lockdowns. 

The last few months have seen the Australian government increase warnings about risks from cyber crime, fraud and disruption. While the majority of the concern is often around big businesses, national governments and global corporations, the fact is that working from home has made us all more vulnerable. The Morphisec study also found that 56 per cent of employees were using their own personal devices for work. On top of that, 23 per cent were unsure of the basic security protocols on their own devices. 

Luckily, there are some straightforward ways you can protect yourself, your co-workers and your company from cyber threats while working remotely. 

1. Secure your router (your digital front door)

Your router is your devices’ connection to the outside internet and therefore the door to your online communications and data. While many routers come with preset passwords and security information, this can be easily accessed by criminals and almost all providers post that information online for technician and administrator assistance. It’s a good idea to change your default settings and update your password. You can also take the additional step of encrypting your router to add another level of security – a second lock.

2. Bring in a firewall (don’t let criminals ‘rain’ on you)

A firewall will protect your network and devices from malicious internet traffic. Your devices may already have built-in firewalls, in which case you simply need to switch them on, but it’s also worth reviewing whether your firewall is network-based or host-based. Network-based will protect the network, while host-based is focused on devices and, ideally, you should have both. A firewall is necessary for all businesses. 

You can also pair an endpoint protection platform with your firewall, which will identify and remove harmful programs or applications on your network or device. Endpoint protection platforms are a key solution for protecting all of your devices, a particularly important step if you already suspect you have a virus or malware on your computer. 

3. Automatically update your software and back up your data (old software has open windows and doors)

We’re all guilty of hitting the ‘remind me later’ button on software updates. Setting up automatic updates for your operating system and computer software is the best way to ensure your software is as secure as possible. In a remote work environment, it’s incredibly important to make sure your devices are as up to date as possible. Manufacturers use these updates to fix any vulnerabilities that have been discovered, so it’s worth taking the 10-minute tea break to patch those holes. 

Back up any data that would debilitate your business if you lost it. Ransomware attacks occur when criminals gain access to your data and hold it ransom. On average, it takes 51 days to resolve a ransomware attack. That’s 51 days of interrupted business operations – not to mention paying the ransom to a bunch of online criminals. If you’ve got a secure copy of all of your data elsewhere, then ransomware attacks are much less likely to impact you.

4. Manage your passwords (the keys to everything)

If you’re guilty of sharing two or three passwords across your entire network (or even just one), then you’re opening yourself up to security issues. Using a strong and unique password for all your logins and changing them frequently will make it harder for criminals to access your data. The addition of a password manager will ensure you can operate seamlessly even with multiple passwords. Where multifactor authentication is available – USE IT!

A system which puts in another step before your accounts can be accessed, such as a one-time passcode, will protect against brute force password attacks. 

5. Use a VPN (private communications’ network for your company)

Using a VPN is an essential best practice when it comes to security. When you connect to public Wi-Fi, you open yourself up to others who are on the same network, especially if there is no password (security is shaky at best if there is a publicly available password). If you’re working from a cafe or public place, a VPN will ensure your device isn’t accessible over public networks.

A VPN, or virtual private network, is a system that encrypts the connection between your device and a server. This prevents anyone from being able to openly see or log your activity while you’re connected to the internet. A lot of VPNs offer a free option, but if you’re regularly working from locations other than the office or home, it’s worth upgrading to the base paid package to ensure your device is as safe as possible. A proper VPN (mostly in the form of a paid package) is one that encrypts both your activity on the network as well as your connection to the server, creating true privacy. 

6. Encrypt your email (if they open your email, they can’t read it)

Adding a solution to encrypt your email is key to protecting your communications, especially when they are business confidential or customer sensitive. For communications that contain sensitive information or documentation, it is business best practice to implement email encryption so that the content or data is not openly visible to external players. Encryption is the use of digitally generated keys to hide the contents of a message so that only those with the correct keys can view the plain text message.

7. Employee online security training (a must for every business)

Your team is the weakest link, and it only takes one mistake to create a hugely disruptive cyber event. In the July 2020 Small Business Survey released by the Australian Cyber Security Centre (ACSC), 20 per cent of respondents did not know what ‘phishing’ was. There are numerous solutions that provide cyber security training and awareness. Providing foundational knowledge for your employees can be the difference between clicking on a malicious link or leaving it alone. If people are aware of the common tactics, techniques and procedures that criminals use, they are armed to prevent a majority of cyber crime and fraud.  

These key steps will ensure your business is safe and you’re operating smartly. 

Over the last financial year, the ACSC responded to 59,806 cyber crime reports at an average of 164 cyber crime reports per day, or one report every 10 minutes. In the July 2020 Small Business Survey released by the ACSC, 62 per cent of respondents have been victims of a cyber security incident. As more and more offices consider the option of long-term remote working options, let’s do it smartly and securely. Don’t let the bad guys win.

Terry Roberts is former Deputy Director of US Naval Intelligence and the CEO and founder of ASX-listed cyber security firm WhiteHawk.