In light of increased COVID-19 restrictions, and following a recent government announcement that even after the end of the pandemic, it’s estimated at least a third of people will remain working from home, now is the time to shore up your data protection and security protocols.
In the early stages of the pandemic many people were setting up dining-room-table offices and making use of only the technology they already had. In contrast, OX365 IT Support clients already had appropriate remote working tools, as required by the inclusive Business Continuity risk assessments we provide during onboarding and reviewed annually. Many people are facing another stint working from home, and business owners’ and customers’ data is, again, put at risk.
Whilst having an IT Support provider will inevitably be the best option for all businesses, for process support including remote working, and security and data backup management, there are still some measures you can put in place to ensure your staff and contractors can work effectively and comply with your company security policies.
Here are some top tips to help secure data and maintain your business data protection whilst working from home:
Provide your staff with appropriate technology and don’t ask them to use personal devices, software or hosted services. Providing company assets to your staff and contractors means you can ensure their security is effective and actively monitored with proper business security tools. It’s all well and good providing your team with shiny new laptops and systems, but if they aren’t secure, they might as well use their own devices.
Use agreed communication facilities with all staff - there are many platforms available for secure communication and data sharing (Microsoft Teams for example). If you need to share data via email, which isn’t always secure, create a sharing link in OneDrive with an expiration date and requiring authentication. Alternatively, if options are limited, password protect attachments and send by email, and inform the recipient of the passwords by phone, text or WhatsApp.
Remote working channels might include Microsoft or third-party Remote Desktop, web-based collaboration platforms, or by Virtual Private Network (VPN). For simplicity, it’s not uncommon for small businesses to use insecure PPTP VPNs, or Microsoft Remote Desktop through an open port on their router. Multifactor authentication and complex passwords should be enforced on all your remote working channels, and the channels should be adequately encrypted. If you‘re unsure about your security being sufficient, contact an IT company for advice.
Removable storage devices are useful for transporting data. However, they are easily misplaced, difficult to track and manage, prone to failure and data loss and are a common target for malware. Secure online file sharing (e.g. OneDrive) is safer, and can also generate audit logs for your internal compliance
Staff IT Training improves efficiency and reduces risk. Delegate security training to your IT company or a suitably knowledgeable member of your team, and also engage your team with a cyber security awareness program which can be fun, with many online training portals including gamification features. The program should at a minimum include acceptable usage, malware, phishing, and support and reporting lines.
OX365 offer a full IT Support and Security service. Please see our IT Support pages to see what what we include in our complete fixed fee service, offered under a rolling quarterly agreement. If you need either short or long-term support, our team can keep your team working effectively.