Adapting Cyber Security for a Distributed Workforce

Given the immediacy of the changes, most transformations to home working were successful and employees happily accepted the new norm of having a home office. But just as people have began to settle into this new way of life, many businesses are expressing growing concerns around cyber security and issues with remote access to their data.

With a large percentage of staff working remotely to retain a level of productivity, businesses now have an established ‘distributed workforce’. Aside from the various benefits and flexibility this offers, it also means that there is a wider attack surface for their business network, resulting in an increased level of risk from cyber criminals.

The question now is how can you reduce that level of risk? More specifically, how can you do so without major downtime or a complete redesign of the IT infrastructure, which will affect productivity to level that is not viable?

Adapting to home working

The vast majority of businesses have historically operated from a single fixed location. That was still true at the start of 2020, before the global pandemic hit. Even then, it was challenging to keep pace with cyber security recommendations for users that need secure access to business IT systems.

That challenge has seemingly been amplified by the acceptance that the distributed workforce is here to stay – and could even become the standard way of working in the future. Along with employees and business owners, best practice cyber security measures also need to evolve in response to an increased threat level from cyber-attacks.

Why are cyber-attacks on the up?

Adapting to a distributed workforce has various knock-on effects for small and medium sized businesses. Employees are expected to work from home, in the office or on site as required, often without notice. We have seen the effects in the last 12 months, when SMEs (with mixed levels of success and efficiency) have quickly scrambled to make ‘connected’ home working viable and possible for their office-based workers.

With 2020 behind us, most businesses have now adapted and made connected home working possible. By and large, that has provided a welcome reduction in the usual business expenses linked to a city centre office. However, many have done so without undertaking any sort of threat analysis for cyber-attacks.

It’s well known that most recorded cyber-attacks target system endpoints (laptops, PCs and mobile devices) as well as users (through emails and social media accounts). When working at home, it is easy to adopt a more relaxed approach. That increases the likelihood of success for these attacks, with increased costs being incurred for the ensuing business disruption.

Cyber security steps for SMEs

When addressing cyber security for a distributed workforce, it’s important to recognise the change in behaviour for endpoints and users. Staff are expected to undertake more flexibility, combining work duties with home schooling responsibilities.

This brings additional users onto connected endpoint devices, which increases the levels of risk. That often results in blurred lines between the use of a company laptop for work and non-work purposes.

Similarly, home working typically comprises multiple devices sharing the same Wi-Fi or network for work, schooling or the needs of other household members. In this instance, a VPN (virtual private network) with two-factor authentication is critical when connecting to the business network.

Finally, there’s a risk that the more relaxed approach to viewing website content and email attachments that you may have for non-work devices will transfer to the approach for work devices. Without the right protection, this can lead to an increased amount of system downtime with malware and viruses residing on work laptops. This underlines the importance of having endpoint baseline protection, effectively acting as an insurance policy.

Understanding your vulnerability

For many businesses, the biggest concern is that they are not aware of existing malware or ransomware on their network. Additionally, many are not equipped to protect themselves against new targeted threats.

The first step should be to undertake a known vulnerability assessment, which involves every device on the network with an IP address. This type of assessment makes comparisons for known malware and ransomware as part of an internal review, in addition to checking for any external network vulnerabilities.

To find out more about what is involved with a Thinc known vulnerability assessment for your business, simply contact our team and speak to our advisors today.