How can you reduce the risk of a personal data breach?

Figures released in by the UK’s Office for National Statistics last spring suggested that almost half of the nation’s working adults (49.2%) were based at home. And, even as the Covid programme continues apace, there is little sign of when, or even if, employees will return to the office en masse.

So the pandemic has changed the way we work, potentially permanently, and employers also need to adapt. If you’re responsible for your business’s IT security, in particular, you may need a fresh approach.

Some figures make for worrying reading. According to the National Cyber Security Centre, there was a 600% rise in phishing scams early on in the first lockdown. Another piece of research, by legal company Hayes Connor, found that around one in five home workers had received no training in cyber-security. Equally, more than half (57%) of IT decision makers feel staff working from home could put their employer at risk of a data breach.

Clearly, the office shutdowns which began last year happened at speed, so it’s certainly understandable that not all smaller organisations in particular have been able to prioritise computer security. But inaction could lead to a serious data breach, bringing untold financial and reputational damage.

Here are some straightforward things you can do to enhance IT security among those working for you remotely:

• Passwords should be complex, containing special characters, numbers and capital letters. One good idea is to use three random words. Have a separate password to access email. Don’t use anything that can be easily guessed, and ensure people update passwords regularly.
• Implement multi-factor identification so that users are prompted during the sign-in process for an additional form of identification, such as to enter a code on their mobile or to provide a fingerprint scan. If one of the factors has been compromised by a hacker or unauthorised user, the chances of another factor also being compromised are low, so requiring multiple authentication factors provides a higher level of assurance about the user’s identity.
• The computers your staff use at home should be office ones, not the employee’s own. Equally, only they should use that machine, and it should be used exclusively for work.
• Train staff as far as possible, so that they are aware of the various cyber-threats they could encounter, and understand what they need to do to protect themselves. After all, data protection is the responsibility of everyone. Equally, be sure everyone knows where and how to report a potential data breach – people should feel confident doing so and not worry that they will get in to trouble for reporting something.
• Access to data should be on a strictly ‘need to know’ basis. Employees will need a certain level of information to do their day-to-day jobs, but no more. If people need to print out documents, consider providing shredders to those who don’t already have them.
• Have up-to-date remote IT use policies and give staff access to them with the chance to comment and ask questions.
• Have the best cyber-security software solutions you can afford in place. That should include a Virtual Private Network (VPN) for secure, encrypted connections to your servers. Make sure staff back up absolutely everything.
• Finally, it’s worth having policies in place for anyone who leaves while working remotely. Make sure they can’t do anything malicious if their employment has ended unhappily. But, equally, make sure you have access to all their data and that they can’t take anything sensitive such as customer information to a future employer, who could be a competitor.

New Guide to Safe Home Working

What can you do to ensure your organisation stays safe with a remote workforce?

DOWNLOAD Remote Working ebook

How we can help

At Epoq IT, we specialise in working with small and medium-sized businesses. We can help with flexible IT solutions to help you manage remote teams’ IT securely, to prevent personal data breaches and, ultimately, boost business performance. Get in touch today to learn more or request a free security review.