The four essential steps to WFH cybersecurity
Working from home is here to stay but it can also provide hackers an easy backdoor into an organisation’s networks, according to Leon Fouche, BDO National Leader of Cyber Security. His tips on cyber security at home will help keep everyone safer.
Many organisations have implemented working from home (WFH) procedures over the past couple of years, and for most, it is here to stay.
While this is a welcome development for many workplaces, it means the management and protection of business data is more complex than ever.
Managing and protecting your systems across multiple and remote sites can be tricky, particularly for organisations without the specialist teams or experience to do so.
However, there are several steps you can and should take in your approach to mitigating the risk of a potential cyber incident.
Fouche says that thorough and considered planning is essential to navigating the complex issues associated with WFH arrangements.
“The current climate demands robust cyber security measures – no matter the size or nature of your organisation,” Fouche says.
“With WFH arrangements the norm for many workplaces, it is essential to have appropriate plans and procedures in place.
“Without them, the risk of a potential cyber incident and the associated damage is unacceptable.”
Fouche suggests that businesses should address the following areas when navigating the planning process:
1. Connectivity
- Adequate home internet connections and alternative sources
- Offline alternatives for backing up critical data.
2. Security
- Wireless router access controls
- Wireless security encryption
- Security controls and software updates on devices
- Secure method of accessing sensitive data
- Virtual Private Networks (VPNs)
- Strong passwords and a password management tool
- Regular software backups
- Employee education, particularly around phishing techniques used in cyber threats.
3. Collaboration
- Use of secure environments for collaboration, file access and maintaining productivity
- Controls for accessing Personally Identifiable Information (PII) or sensitive information.
4. Incident response
- Consideration of all elements related to a cyber security incident, including information to convey and to whom, what actions should be taken and more.
“This list is by no means exhaustive,” Fouche says.
“But gives organisations an idea of the types of issues and concerns they should be thinking about.”
For more detail on planning for and mitigating WFH cyber risks, Fouche and his team have created this cyber security working from home guide – a checklist to help businesses work through these complex issues.