• Sales: 01494 976939  Support: 01494 444065
How to run your business securely – inside and outside the office. A practical guide for SMEs | Epoq IT
How to run your business securely – inside and outside the office. A practical guide for SMEs

Cyber Security | June 2021

Embrace a hybrid working future

2020 was a year of rapid change. Overnight, the pandemic pushed most businesses into a remote working set-up – and for many SMEs, this meant rushing to put structures in place that would enable their teams to do their jobs from home. 12 months on, we’re getting used to a ‘new normal’, and some aspects of our lives will look quite different even after the threat of COVID-19 subsides.

In both the short-term and long-term, we’re unlikely to go back to the old world where everyone sits under the same roof, five days a week.

Around 3-4 times more people plan to work from home than pre-pandemic, but some are keen to transition back to the office – either full or part-time.

Adopting a hybrid approach to working is good for your bottom line: flexible policies keep employees motivated; virtual arrangements minimise property costs; and talented people who would never have pursued fully office-based roles will take an interest in your firm. But have you considered the risks?

In this blog, Epoq-IT will outline the main challenges that SMEs face when running a part-remote, part-office-based working structure. We’ll also look at the security initiatives you can put in place to reduce risk and protect your people.


Challenge 1: securing all your endpoints

What does good business security look like? To many SMEs it’s installing antivirus software on company laptops. But this is no longer enough to protect your brand.

For maximum safety, you need to look strategically at your security set-up and put new templates and technologies in place that safeguard your company from evolving cyber threats, starting with endpoint security.

Endpoint

‘Endpoint’ is the technical term for any digital device that communicates with your business network: think desktop computers, laptops and smartphones.

Learn more about your biggest cyber security threats:
  • What is phishing?
  • What is malware?
  • How does my Cyber Essentials keep my business secure?

The number of digital security risks that SMEs face is growing, from malware and ransomware attacks to phishing.

There are also new, emerging threats like malicious cryptomining (where cybercriminals use your computer as a power source for mining or stealing cryptocurrency), so you need to protect your endpoints from increasingly sophisticated attacks.

Many companies have moved business software into the cloud for greater flexibility and protection. But while this is a clear step in the right direction, the cloud alone doesn’t guarantee security.

If staff can access information from anywhere, so can hackers. That’s why malware attacks increased by 358% in 2020 and ransomware attacks increased by 435%.


Practical ways to increase endpoint security

To safeguard your business against cyber threats, you need to think about how every person in your company accesses your network – and the potential risks that poses. For example:

To create the highest level of security, you should ideally issue company technology to employees, fitted with business-level antivirus and anti-malware software that continually monitors and actively remediates cyber threats.

Now is a good time to invest in tech, as a new government super-deduction initiative is allowing companies to claim up to 130% capital allowance on certain machinery assets.

It’s also important you ask your team to only use company-issued tech for work purposes, so you can limit their activity to approved files, sites and apps. Put together a ‘whitelist’ of acceptable sources if you’re worried about people going off-piste.

Smartphones

Smartphones are likely to be your highest security risk, as people often use their devices for both work and personal purposes.


Are people logging on from a private or public Wi-Fi connection?

As cafés, co-working spaces and public transport hubs reopen, people will start to work in places other than their homes – either for business purposes or a change of scenery.

Free Wi-Fi is a big attraction for hospitality venues, but public Wi-Fi networks are less secure than a private connection. Hackers can create false wireless access points that enable them to attack devices or harvest sensitive information.

Whenever your team is using public Wi-Fi, make sure they are connecting via a virtual private network (VPN). This creates an encrypted data ‘tunnel’ between their device and your system, protecting their traffic as it crosses unsafe internet connections.

VPN

VPN software can be downloaded directly to your company devices. For maximum security, encourage your team to keep it connected at all times.

What information is your team able to access?

While it’s great to have cultural transparency in your firm, when it comes to sensitive documents, these should be shared on a ‘need to know’ basis.

If fewer people can access important data or edit critical files, there are fewer endpoint openings for cybercriminals to infiltrate. And considering cyber breaches cost the average small business over £25,000 in basic ‘clear up’ costs each year, every step you take to limit vulnerability is worthwhile.



Challenge 2: updating your policies

Does your company have an IT policy in place? Is it up to date?

While many SMEs have a standard document in the archive, if yours hasn’t been updated and shared in a while, now is the time to reconsider its content.

With more staff than ever working from home, it’s really important that you formalise remote access guidelines – and integrate them into your overall business IT policy.

If you’re allowing staff to work from their own laptop, tablet or mobile, factor this into your remote working template. For example, ask them to make sure your business antivirus and anti-malware software is installed on all devices used to access company data.

But be prepared: your team may not like being told how they can use their personal equipment, so company-owned tech is often a better long-term option!

Points to include in your remote working policy:

  • Use a strong Wi-Fi password for home internet connections
  • Position screens away from windows and crowds in public places
  • Use a screen filter to protect private information
  • Never save documents to your desktop or send them as unencrypted email attachments
  • Store work devices securely when not in use

Reporting a potential cyber attack

Prevention is better than cure, but sometimes accidents happen. Last year alone, someone fell victim to a ransomware attack every 10 seconds – and the quicker you can get on top of security breaches, the easier it is to contain them.

When you’re updating your IT policies for a hybrid office/home working set-up, make sure you include a protocol for how employees should respond to a potential hack. For example:

  • What should team members do if they think they’ve clicked on a phishing email?
  • How should people respond to a suspected data leak?
  • What happens if someone’s laptop, tablet or smartphone is lost or stolen?

A clear response process – and reassurance that people won’t be in trouble if their actions trigger a security breach – will help your business to limit damage.

It’s also beneficial to include a clause on what happens when someone leaves your company. You want to make sure that your data and systems are secure before they leave, and that you have full control over their system access – particularly if things end unhappily or they move to a competitor.



Challenge 3: employee awareness

You might have an up-to-date IT policy in place, but it’s worth very little if your team aren’t familiar with it.

The most secure SMEs encourage their whole workforce to learn the latest industry best practice, and help people to understand their own contribution towards overall data security.

While most companies take cyber threats seriously, it’s often left to business owners or IT personnel to take care of security protocol, but this shouldn’t be the case.

cyber security training

1 in 5 professionals working from home have received no cyber security training

To truly reduce your risk of cyber-attacks and data breaches, everyone in the company has a role to play.

Even simple changes can make your business operation much more secure. For example, 81% of data compromises are caused by weak passwords. To increase security, make sure your team pick passwords that:

  • Are at least 8-10 characters long
  • Include a mix of lower/upper case letters, numbers and special characters
  • Avoid common/easily guessable words and sequences

It’s also a good idea to change your work passwords every 90 days.


Ideas for cyber security workshops

One of the biggest security challenges SMEs face is that cyber threats are constantly evolving, so one basic training session won’t protect your business for life. To make sure employees understand the full scope of digital risks your company faces, why not run a series of targeted training sessions around high-profile issues? Workshops could include:

  1. How to recognise phishing emails
  2. What security programmes have been installed on your computer – and why
  3. How to work securely from a public place

If you’re not sure what to tackle first, you can always refer to our blog, ‘how cyber savvy are your workforce’, where a questionnaire will help you pick a suitable starting point.

Unfortunately, more than ever, employees are the weak link in an organisation’s network security. They are frequently exposed to sophisticated phishing and ransomware attacks, so they need to be trained and to stay on their toes, with security top of mind.

Many companies are turning to comprehensive and structured Cyber Awareness Training. This enables employees to make smarter security decisions by training them to understand the mechanisms of spam, phishing, spear phishing, malware, ransomware and social engineering, and then to apply this knowledge in their day-to-day job. Simply put, this helps you build a human firewall as your last line of defence.



Challenge 4: responding to a digital security breach

We’ve already talked about putting plans for reporting a breach in place – but is your company confident about how to handle a security incident?

Many SMEs have a backup and disaster recovery programme already, but it needs revisiting when you have team members working remotely.

Your aim is to respond to security issues as quickly as possible and to limit any damage; not only for your team, but to meet legal obligations around data protection.

Cloud backup

69% of SMEs are currently backing up data to the cloud – which means that almost a third of firms still aren’t.

In a hybrid working set-up, you’re likely to be adding more endpoints to your business network – which means the chances of data being stolen or devices being lost increase. Even if your business network is in the cloud, if someone has stored information in a location that isn’t fully integrated into your network – such as their smartphone or the desktop of their personal computer – then it won’t get backed up.

You also need to develop a clear response plan to support disaster recovery. Who needs to be notified if something goes wrong? Is it the same protocol for everything, or does each type of breach have its own separate response plan? How often will you review your plans?

But always remember that prevention is better than cure – so continue to run frequent backups!



Put security software in place to run a tight-knit business

As we move out of survival mode and increase business resilience following COVID-19, hybrid working is a new and exciting frontier – and for SMEs, it can be a flexible, cost-efficient way to run your company.

But it’s important to consider the impact a dual home/office set-up will have on your business network and security, and put the technology in place to run a tightly controlled operation.

The only way to truly safeguard against all cyber threats is to monitor and manage your endpoint security 24/7. And if you don’t have the time, skills or resources in-house to do this alone, a managed services provider can take the responsibility off your shoulders.

Epoq-IT is here to support your transition to hybrid working. Our cloud security software monitors endpoints and network events in real-time, to immediately identify threats and take rapid avoiding action.


Understand your biggest security challenges – and solve them

Epoq IT’s business IT security services will help you to understand the multifaceted risks your company faces.

Tell us your concerns and we’ll put an integrated suite of measures in place that cover policies, technologies, hardware, software, cloud services and training – for complete protection and peace of mind.

Complete a free IT security audit and we’ll build your personal programme.
