Protecting Remote Workers from Cyber Attacks

As remote and hybrid working continue to shape the modern business landscape, cybersecurity challenges for SMEs have evolved significantly. With several years having passed since the pandemic, the widespread adoption of flexible work environments has created new vulnerabilities for cyber criminals to exploit. Home offices and personal devices often lack the robust security protocols of corporate networks, making remote workers a prime target for attacks.

The National Cyber Security Centre (NCSC) continues to warn businesses about the growing threat posed by tactics like phishing, social engineering, and remote access breaches. With the large-scale shift to remote work, it’s more crucial than ever to build and reinforce a strong ‘human firewall’—arming employees with the knowledge and tools to protect both themselves and their organizations from potential threats, no matter where they work.

Cyber Challenges

Recent research from the UK Department for Digital, Culture, Media and Sport shows that:

• Half of businesses report having cybersecurity breaches or attacks in the last 12 months.
• In the past 12 months, the most disruptive breach for businesses of any size resulted in an average cost of around £1,205 per incident. For medium and large businesses, this figure rose significantly to approximately £10,830 per breach.
• Despite these issues, only four in ten businesses report being insured against cyber risks.

How to protect your business

There are several steps you can take to protect your business against cyberattacks during the pandemic:

1. Adapting to new software

• 'Software creep' is the excessive expansion of the amount of software a business uses. It can mean data goes into more disparate places, requiring more consideration and protection from a cyber perspective.
• Ensure you have a clear understanding of software being used and their security protocols. Know how your data is stored, accessed, and utilized. Ensure user controls are in place to enable/disable employees.

2. Physical & technological access

• Ensure you have full knowledge of who has access to technology devices that are in any way connected to your sensitive business information. With changing circumstances, it's important to be aware of employee working environments at home (e.g. flatmates, families, children) and how that could impact device usage.
• Make use of tools like encryption, multi-factor authentication, and VPNs.
• Ensure employees only use company-approved IT tools which come with sufficient levels of security.

Enjoying this article?

Sign up to receive regular insights to your inbox.

3. Review & communicate

• Ensure your secure remote working policies are up-to-date and adapted to reflect your cybersecurity needs during the pandemic.
• Communicate updates to the whole team, particularly where new software, tools and processes get introduced.

4. Consider insurance

• Cyber insurance should already be a key part of your cyber strategy, and should be reviewed to ensure it isn’t being invalidated by remote working.
• It's used to protect businesses and individual users from internet-based risks and, more generally, from risks relating to information technology infrastructure and activities such as fraud, data theft/breaches, social engineering and ransomware.
• Such insurance can cover, for example, loss of income caused by business interruption, paying ransom fees, the costs of restoring data, 3rd party claims against a business for the damages they suffer as a result of an attack, as well as the cost of defence to regulators and repairing reputational damage in the aftermath of an attack.

About the Author

Paul Callaghan is the founder of Cyber Insurer UK, a specialist insurance broker for UK businesses to help protect them against the threat of cyber attacks and data breaches. Cyber Insurer simplifies business insurance for startups, micro businesses & SMEs.