Cybersecurity and remote working: how to stay secure when working outside the office

Many workplaces have some level of cybersecurity considerations and have procedures in place to guide employee operations in a range of scenarios. However, responding to a global pandemic is unlikely to have featured in many company policies. In response to lock-down and at home/remote working, businesses have had to consider how their systems remain secure when employees are based outside of the office for extended periods of time.

Whilst some businesses are transitioning back to the workplace, the reality for others is that their employees may be split between office and remote working for the near future.

Why robust Cyber Security Road Map is Vital for Remote Working

For many businesses, the transition to remote working for a large percentage of their workforce will have been rapid, unplanned, and disruptive to normal workflows. Whilst some employees may already work from home on occasion, having large numbers move to remote working with immediate effect will have added pressure to IT teams. For those unfamiliar with remote working, recognising risk at home, understanding the importance of robust cybersecurity measures away from the office and taking ownership of risk in a different way maybe a new challenge. However, if they are not already in place, now is the opportunity to ensure systems and communications are adequately protected.

Securing Remote Workers Communications

Securing communications when working remotely is vital to protect both the end-user and the corporate environment. A number of options are available to create secure communications for employees and clients. These options include:

• Creating a two-factor authentication process that combines a password with a digital code that is typically sent to a separate device
• Making sure employees understand that just because they are working from home, they still need to use employer approved devices for accessing communications and systems, as well as storing business-related data. This will also ensure data is stored and protected in line with GDPR policies
• Ensuring employees have a secure Wi-Fi connection, or in the event it cannot be made secure, making sure a (Virtual Private Network) VPN is in place to facilitate secure communication between the home and work network.

Whilst no remote working situation can be completely risk-free, embedding a range of options in combination with policies that are well communicated to employees is a good start to ensuring risks are minimised or mitigated wherever possible.

GDPR Awareness and Remote Working

Whilst data is required for many work tasks to be completed, whenever a new way of access is created in response to a change it heightens the risk of that data being used or communicated in a way that does not comply with GDPR expectations. Ensuring vulnerabilities are known and risks reduced and managed is essential to maintaining robust security whilst working remotely. 

To manage access to data, both encryption and controlling access more generally are important features. Encrypting data is important because if stolen it is less likely to be legible and therefore less useful. Whilst more straightforward in a controlled office environment, encrypting data as part of remote working can be combined with usual processes. Encryptions can be applied to devices, hard drives, and individual files. Devices used by home workers should have full disk encryption (e.g. BitLocker) enabled to preserve the confidentiality of data, should there equipment be lost or stolen.

Controlling access should be limited to those who require access only. Limiting the number of individuals who can access data will reduce the risk and managing the access will be easier. Whilst policies around controlling access may exist within the business, amending them to apply more directly to remote working will give clarity to employees and clients. Adopting least privilege access policy, giving users (and applications) minimum privilege required to perform their activities, to reduce the attack surface. Also, auditing and monitoring remote working practices is an important part of endpoint security. However, this should be done in a privacy-preserving manner, following regulations and recommendations provided by ICO for businesses.

COVID Related Cyber Attacks

Whilst crises can present a challenge for businesses, they are frequently seen as an opportunity by hackers. Taking an advantage of a situation that has several rapidly moving parts and where information may not be communicated efficiently, hackers are able to play on fears, lure people into what they believe to be personal or business opportunity, or take advantage of people when they’re likely to have a mixed focus. In April alone, the Google Threat Analysis Group noted over 18 million daily incidents of malware and phishing in Google accounts, alongside 240 million spam messages related to COVID-19 each day.

Maintaining robust policies, systems and daily practices is essential to reduce the risk. Training staff to recognise potential hazards, educating them on possible attack vectors, including social engineering and phishing, explaining the impact of a cyberattack on the business (e.g. rapid increase in the number of ransomware attacks and how they will affect the business), providing them with a clear reporting process and ensuring someone is available to respond to questions and keeping all the software and devices up-to-date will help ensure risks are minimised.

About the authors

Dr Tooska Dargahi, Programme Leader for MSc Cyber Security, Threat Intelligence and Forensics

Dr Dargahi is an active security researcher, delivering several professional services for businesses, public sector organisations and academic institutions. Having been a guest editor for a special issue in the IEEE Transactions on Sustainable Computing and an associate editor of the “Cyber Threat Intelligence” Springer Book, Dr Dargahi is now a reviewer for several outstanding academic journals including IEEE Transactions on Information Forensics and Security, IEEE Transactions on Big Data, and IEEE Transactions on Emerging Topics in Computing. Dr Dargahi was also a program committee member, and reviewer in several outstanding conferences and workshops, including ACM SAC 2018-2021, IEEE TrustCom 2020, IEEE NFV-SDN 2017-18, IEEE INFOCOM 2017, DIMVA 2017. For more information and to contact Dr Dargahi: https://www.salford.ac.uk/our-staff/tooska-dargahi

Dr Robert Hegarty, Senior Lecturer in Cyber Security

Dr Hegarty is an experienced cybersecurity researcher, with an established track record of working with law enforcement agencies from around the region (Liverpool Police High Tech Unit, Cheshire Constabulary eForensics, Greater Manchester Police, TITAN Regional Organised Crime Unit) and overseas (Abu Dhabi & Kuwait) in a variety of capacities providing; consulting, research and development and training. Dr Hegarty’s current interests are file signature detection, digital forensics, cybersecurity and privacy. For more information and to contact Dr Hegarty: https://www.salford.ac.uk/our-staff/robert-hegarty