How to Balance Staff Flexibility With IT Security

The past two years have seen huge changes in many areas of life. While some may be temporary others will have a lasting legacy that changes the way we live and work over the following decades. 

 

While the stability of the 9-5 in the office with fully secured IT systems may not be as realistic as it once was, there are still ways you can allow staff flexibility to work remotely or via a hybrid working model and still keep your IT policies secure. 

 

Hybrid working definitely presents more challenges for IT teams to keep cyber attacks at bay, but overall there are upsides for the business and employee too with flexible working offering a better work-life balance for the employee and potential efficiency improvements and cost-saving for the business. 

 

So how can IT help to provide flexibility and security with robust data security, and fast secure infrastructure?  

 

Knowing the risks

 

In order to attract and retain the best talent employers need to offer some form of flexible working, and supply staff with good IT infrastructure and tools to enable working seamlessly in and out of the office. So the strategy has to be to work with this new model and implement the best possible IT strategy to mitigate the risks. 

 

The main increased risks with remote working are listed below: 

 

  • Data Hacks – Strong password protocols and multi-factor authentication are more important in order to make it harder for cybercriminals to access sensitive company data.
  • Endpoint security – Employees personal devices that may already contain malware is an obvious weak point that needs to be addressed. Neglecting this threat can lead to malware getting onto the company’s network.
  • Phishing Emails – Phishing is the most frequently used cyber attack by hackers. With employees isolated from managers and IT support, relying on more digital communication, and using their own devices in some cases, it is easier for these types of attacks to be successful.  
  • Insider attacks – In some cases remote workers feel disconnected, and have less trust in co-workers. Added to a greater lack of supervision this could lead to a rise in insider attacks where disgruntled employees leak data or deliberately bring malware into the IT systems. 

 

So now we have highlighted some of the increased risks, what are some steps to mitigating them? 

 

Cybersecurity training

 

Hiring an IT support company with specialist cybersecurity and remote work training programmes is a great starting point to educate your staff on the risks. While these types of courses were important before the pandemic, they are even more important today. 

 

Providing staff training on cybersecurity safety and password protocols is a good way to make flexible working much more secure for the organisation. 

 

You can also extend the training to cover issues such as network security,  IT policy changes, and mental health while working remotely.

 

As we have discussed, phishing is a major threat for remote workers, so ensure you make that a priority and that staff know not to click on links and attached files from unknown sources without verifying them as safe.

 

 

Device Security

 

Antivirus software is a good first step but you need to go further to ensure devices are secure against threats from hackers and malware. 

 

Passwords: Passwords offer a good level of defence against attacks as log as they are secure enough. For this reason employees need to set long passwords that are obscure and difficult to guess. 

 

Hackers will often scour social platforms looking for clues that can help them guess personal passwords. 

 

Using a password manager is another good way to make your passwords more secure as they can be encrypted and stored securely, not written down where they can be discovered. 

 

While it may take a few seconds more to login in, multi-factor authentication is a great way to ensure the person logging in is genuine and not a threat to the system. 

 

Device care:  Devices should be locked securely and require a pin or password to open them. This can also include fingerprint or facial recognition. 

 

There should be a short timeout setting so that after a few seconds without interaction the device is automatically locked. It’s also important that all devices are kept up to date with the latest Operating System software updates. 

 

All other software tools and apps should be updated, including your anti virus software to cover the latest known malware signatures. 

 

Extra tools: Data encryption can add an extra layer of protection so that even if hackers intercept sensitive data they can decode it and cause any damage to the business. 

 

 

About EC-MSP, your IT support partner

EC-MSP are one of the most trusted IT support providers in London. If you would like more help advice and support with technology for your business, contact us today to see how we can help.