Where is your business data?

October 7, 2020

Homeworking looks like it’s here to stay for many companies following recent government announcements reversing previous policy and encouraging those who can work from home to do so. In large companies and small, staff will be back working at their kitchen tables or on their sofas and it seems likely that many of these jobs will never return full time to the office.

Is your data safe in this changing environment?

The transition to working from home happened very quickly for most organisations, and companies have been really creative in finding ways to keep working. Directors and employees have been forced into new ways of working, and many have embraced this new world of Zoom/Microsoft Teams meetings and ensuring they are presentable from the waist upwards!

But, in this rush to keep businesses operating in this new environment, have companies lost sight of where their data is held and how safe it really is?  Outside the controlled environment of an office-based company network, is your data exposed to risks you haven’t perhaps fully considered?

Now we know this is going to continue for some time, it really is vital that companies take the time to ensure their data is safe within this ‘new normal’.

The danger of data bleed

We have all heard of big companies being hacked and we will come onto the dangers posed by hacking, but for many small companies there is a more insidious threat – and that is of intentional or unintentional data bleed.

In the rush to work from home, some companies have moved over to file sharing services such as Dropbox and Microsoft OneDrive or SharePoint. Whilst these services do offer the option for collaboration, without taking precautions they can also be a catalyst for data loss, so we would suggest that you ask yourself the following questions:

  • If a file or folder became corrupted, would you have a back-up?
  • What would happen if an employee deleted a file by mistake – or even maliciously, for example if you had to make them redundant in these tricky times?
  • Is there a risk that your employees could download and share confidential files either purposely or by mistake?

There are so many ways that business data can become lost or exposed, and the changes in the way we work have heightened these risks for many companies.

Hacking – not just about the big boys

Hackers have been trying to exploit the fact that employees are working from home since the beginning of lockdown.  Attacks targeting people working from home increased from 12% of malicious email traffic before the UK’s lockdown began in March to more than 60% six weeks later according to a Guardian article[1].

Hackers tend to target the tools used by remote workers, e.g. sending fake requests to reset virtual private network (VPN) accounts, setting up Zoom video conferencing accounts with faked sign-in pages, or sending emails using coronavirus as a hook. One recent email campaign against UK businesses told employees they could choose to be furloughed if they signed up to a specific website, tricking them into downloading malware onto their computer.

Phishing emails such as the one detailed above are at an enormous scale, with Google stating that they are blocking more than 100 million phishing emails every day to Gmail users[2].

Big names caught out by hackers recently include easyJet and an unnamed Premier League club[3], but for every big name there will be thousands of small companies also caught out, so protecting your business data needs to be front of mind for companies of every size.

6 steps to securing your data in a blended work environment

  1. Firstly, it is vital that you understand all the ways your network can now be accessed – by whom and on what devices, and that you keep an updated record of this.
  2. Ensure your staff have the right hardware and software – the best option will differ depending on company set-up. Access to company files needs to be controlled whether employees are in or out of the office. For employees working from home for some or all of the time, examples of options include the below – your IT company can advise you of the best solution for your business.
    • Using company devices to access the network via a company-specific virtual private network, and the options that brings to control the download of applications and data
    • Use of specialist software installed on home devices so employees are effectively using the device as a monitor/keyboard for their company device, securely and without the option to download sensitive information
  3. Don’t use file sharing services such as Dropbox without first taking precautions to ensure access is controlled and that all files and folders are backed up securely on a regular basis.
  4. Team training – ensure your team understands what they need to do and why. Too many breaches are accidental and could have been avoided by training employees how they should access and save files and what to look out for with phishing emails etc. Premieredge can provide training to your team and even run simulated attacks to help you to see if you’re vulnerable to attack. Your team can then be trained to understand how they need to change their response if the simulated attacks breach your system.
  5. No blame reporting – if something does go wrong ensure your team know that they need to report it quickly and that if it’s a genuine mistake then they won’t be punished. Picking up a potential problem quickly will usually mean the effects can be more easily mitigated. Human error does happen but a culture of fear of reprisal is likely to mean the effects are much worse.
  6. Have a back-up plan – what would you do in the event of accidental data loss or a data leak?   Look at different scenarios and the possible consequences. Examples:
    • If an employee maliciously or unintentionally deleted a shared file or folder, would you have a back-up?
    • What steps would you take in the event of a breach of a client’s data and whose help would you need?
    • If an employee was hacked and malware downloaded or data ransomed, what are the steps you would take to resolve this?

A quick, effective response, along with pre-planning to avoid more common situations such as accidental file deletion, will mean that you have a much greater chance of avoiding significant data loss.

Conclusion

The business world we are operating in bears little resemblance to what we were used to even just a little over 6 months ago and companies and employees need to adapt to this new way of working.  It is likely to be some time before all employees are able to be in the office full time, and even when they are able to, many will still wish to continue working from home at least some of the time.

Now is the time to ensure that all your data is safe given this ‘new normal’, and sadly the easiest way of working isn’t always the best way. It is too easy, for example, to use a shared cloud drive without thinking of the security implications if something goes wrong.

Planning and management are key to keeping your data safe, and if you would like to know more about how we can help you to achieve a data secure way of operating for your business, please get in touch.

[1] https://www.theguardian.com/technology/2020/may/24/hacking-attacks-on-home-workers-see-huge-rise-during-lockdown
[2] https://www.bbc.co.uk/news/technology-52722626#:~:text=EasyJet%20has%20admitted%20that%20a,debit%20card%20details%20%22accessed%22.
[3] https://www.bbc.com/news/technology-52722626 https://www.skysports.com/football/news/11661/12034075/premier-league-transfer-deal-targeted-by-hackers-says-cybersecurity-report