Cyber Security

Why working from home can make businesses more vulnerable to cyberattacks

The world has turned somewhat upside down in the last few weeks. The novel coronavirus has spread to every continent on Earth – bar Antarctica – and infected over a million people and drastically changed the everyday lives of billions. But while most people are coming together during this difficult time and supporting one another, some are mercilessly looking to take advantage of this ongoing human tragedy.

Since the start of the coronavirus pandemic, we’ve seen one of the biggest spikes in scams in recent years, as hackers look to take advantage of the global crisis. These scams cover a whole range of methods and targets – including fake charity donations and, on the more disturbing end of the spectrum, an unofficial ‘cure’ for COVID-19. Businesses, as well as consumers, are also at significant risk of a cyberattack due to coronavirus, and everyone must play their part to keep data secure. 

Businesses must invest in cybersecurity for working from home

While the technological capabilities of offices should be updated with the latest security measures, the same cannot always be said for the average employee who may not have either the means, or professional advice available, to ensure adequate data protection at home. With millions of Brits working from home for the foreseeable future, cybercriminals are aware of the opportunity that this presents as vulnerabilities in data protection can be more easily exposed. 

So, how can businesses protect themselves from a potentially financially ruinous data breach that could seriously impact their reputation whilst employees are working from home?

Investment in your business’s cybersecurity is key. All organisations should have IT staff available to advise employees, and the latest software should be installed on machines employees are using to protect against any potential hacks. This should always include basic things like firewalls and anti-virus software.

While this may sound like a big expense, business leaders need to remember the financial penalties that could be imposed if they fail to adequately protect against a data breach as well as the heavy costs of litigation. British Airways, for example, is facing a potential £3billion payout for its infamous 2018 cyberattack and Virgin Media could be facing an estimated total compensation bill of up to £4.5bn as a result of its data breach earlier this year.

Caution with pre-used laptops

With the UK’s economic situation already far from stable, it’s paramount that businesses invest in their cybersecurity and ensure that staff working from home are equipped with the latest security software. 

But despite the obvious risks posed by a data breach, business leaders are still not taking cybersecurity seriously. We have been particularly concerned to see businesses panicking about working from home and buying up pre-used laptops without taking the adequate steps required to ensure second-hand equipment is safe.

While this may make financial sense in the short-term, pre-used laptops may not be secure and may contain malicious software that could seriously hamper any business’s transition to working from home. 

With this in mind, the first thing employers should do before employees use such equipment for working at home is to scan for viruses and wipe hard drives. They need to make sure the laptop they are working on is fully protected and free from any malicious software that may have already been on it. They should also install the latest Operating System and antivirus software, and ensure that security patches are updated.

Simply relying on a retailer to have taken these steps already is not enough. Businesses should also implement clear protocols for employees to adhere to which specifically address data protection and cybersecurity outside of the office too.

What else can employees do?

While the onus is on business leaders to protect data during this period, employees can also play their part.

For instance, people could use this time at home to review their own personal cybersecurity with simple steps like making sure they have a long, complex router password for their home Wi-Fi. People could also change passwords for online accounts that have been in use for a long time and ensure unique credentials are used for different platforms with complex passwords for each one.  Using two-factor authentication (where possible) and a secure and reliable VPN for internet access are additional considerations. 

Although these may sound like insignificant measures, they can have a dramatic impact on a business’s data security. Both employees and business leaders must play their part to protect data from cybercriminals looking to capitalise on the coronavirus crisis, and any defence is only as good as its weakest link. If an employee’s personal equipment is breached, it could lead to business data being exposed now millions are working from home.

With businesses entering unchartered waters, leaders must take the necessary steps to train employees in cybersecurity and manage their remote working and invest in the best equipment and virus protection to safeguard sensitive data. If they don’t, they could face a ruinous data breach that may lead to hefty fines, costly litigation and significant reputational damage to add further disruption during an already turbulent time for the economy.

By Aman Johal, Director and Lawyer of Your Lawyers