Although small and medium enterprises (SMEs) are less inclined to provide their staff with company devices to work from home, only one third of employees (34%) in this category have received instructions on how to securely work on personal laptops, tablets and smartphones while at home during the pandemic lockdown – even though more business data is now drifting outside the corporate perimeter.
This and other findings are contained in the recent Kaspersky study, “How COVID-19 changed the way people work”, which highlights the importance of protection and security awareness for smaller enterprises. The study was conducted by research agency Toluna in April 2020. A total of 6,017 respondents were surveyed including 1,381 working in companies with between 1 to 49 employees.
Working from personal devices has become a necessity for some small organisations during the Coronavirus (COVID-19) pandemic. But even without COVID-19 lockdown measures in place, this practice remains relevant for some organisations as it gives greater freedom to employees to work anytime, everywhere, while making savings on equipment to employers. However, in addition to the business benefits, organisations must also remember to protect these devices from cyber risks so that sensitive business and customer data stored on them remains safe, and employees can work without downtime as a result of ransomware or other malware infections.
During the pandemic, three-in-five employees of small organisations (57%) were not provided with corporate devices from their employers, compared to an average of 45% of staff working in all companies, as shown in the recent Kaspersky study. While it may be the only option for some organisations to keep their business going, only one third of small business staff (34%) indicated they were given any IT security requirements to work securely on personal devices.
These requirements could include, for example, having an anti-malware solution installed by a user or provided by an organisation, using strong and unique passwords on devices and Wi-Fi routers, and regularly updating device operating systems in order to reduce risks from unpatched vulnerabilities.
Having such instructions in place has recently become even more necessary, given that 35% of small business employees admitted they have begun to store more valuable corporate information on their home devices, as well as in personal cloud storage services (25%).
“Small companies may be in difficult circumstances and their first priority is to save their business and employees during the lockdown. So, it is no surprise that cybersecurity may become an afterthought. However, implementing even basic IT security requirements can decrease the chances of malware infection, compromised payments or lost business data. Moreover, there are plenty of recommendations already given by cybersecurity experts that businesses can share with their employees to help them keep their devices safe. And of course, the requirements should be followed not only during home isolation but continued when staff work remotely in the future,” comments Andrey Dankevich, Senior Product Marketing Manager, B2B Product Marketing at Kaspersky.
Kaspersky advises small companies to follow these IT security requirements to protect their employees while working from personal devices:
- Home devices should be protected with an antivirus solution. Kaspersky offers small businesses a dedicated solution, Kaspersky Small Office Security, which can be installed remotely on any device, whether corporate or employee-owned and managed from the cloud.
- Device operating systems, as well as applications and services should be always updated to the latest versions.
- Password protection should be switched on for all devices, including mobiles and Wi-Fi routers. If a router has a default password it should be changed to a new and strong one. The password manager feature in a security solution helps to generate and store unique and strong passwords for every account.
- Home Wi-Fi connections should be encrypted, ideally with the WPA2 encryption standard. This can be done in router settings.
- A VPN should be used if an employee is using unknown Wi-Fi hotspots.
- Use a security solution that enables device and server encryption and creates backups for all corporate data – this will help to restore data quickly in case of a ransomware infection.
- Provide employees with a list of reliable cloud services that they can use to store or transfer corporate data.
- Conduct basic security awareness training for your employees. This can be done online and should cover essential practices, such as account and password management, email security, endpoint security and web browsing. Kaspersky and Area9 Lyceum have prepared a free course to help staff work safely from home.
- Last but not least – ensure your employees know who to contact if they face an IT or security issue.