by Nicki Dowsett in Anti-virus software, Audit Reviews, Back up solutions, broadband, cybercrime, Data Loss Prevention, Disaster Planning, Disaster Recovery, General, Hardware, Helpdesk, Hosted phone, IT Support, IT Systems, Microsoft, Microsoft 365, Microsoft Teams, MPR, networking, Password Security, Ransomware, Remote working, Risk management, rural broadand, SaaS Protection, Software, Tech-as-a-service, Wireless networks
We are aware that many of our customers are investigating a Hybrid Office for the future. Finding a balance between flexible home/office-based staff, those that prefer to be at home permanently and others that prefer to be in the office permanently. Media articles are suggesting that 43 out of the top 50 companies in the UK, do not plan to bring staff back full time.
Last year when everyone made the mass exodus to home working, there was a clear focus on getting everyone on-line and the business continuing. The return to the office is not necessarily as simple as everyone just turning up to work at their desk. After almost 15 months away from the office some people may find adjusting to the office trickier than others. Individual working styles may have changed. After working in an environment with little distraction to suddenly being in an office with colleagues on the phone or just generally catching up, may mean that they feel they prefer to be at home for some of the week. From own conversations with industry colleagues and customers, here are some area’s that we believe you should be considering for your staff and business even if you are not considering a hybrid office.
Internet Connections and Firewalls
Remote workers will require internet connections to be able to connect to the office network whether it is cloud based apps or a Voip phone system. The most important consideration is the router secured and has the password been changed since it left the factory? The standard routers issued by home broadband have basic security settings and it is unlikely that your employee has ever changed the router name or password. This puts your data at risk, as you have no control over this set up.
Another area to consider is that many home broadband connections state in the small print that they should not be used for business purposes. Although this has been overlooked during the lockdown, now is the time to consider is your employee at risk from using their BT, Virgin or Sky broadband connection. Finally is the connection reliable? Have they suffered, but put up with, outages until now? Or is their chosen home office space receiving a good signal, do they need a booster installed?
Installing a dedicated business internet connection to your employees homes gives you the control to secure the router and firewalls that connect your employee to your business network and data.
Back up Solutions
While cloud-based applications like Microsoft 365 are safe when left alone, they can’t protect you from yourself (or your employees). This is why the #1 cause of data loss in the cloud is human error.
Every day, users trigger data loss/corruption in cloud applications due to:
- Accidental (and intentional!) deletion
- Overwriting important data
- Downloading malware/ransomware viruses
- And more!
More and more businesses are using SaaS (Software as a service) such as Microsoft Business 365 or Google Workspace (formerly G Suite) and it is often assumed that your data is backed up automatically and that these providers will hold all your data, BUT this is not the case.
For example Microsoft state in their Service Level Agreement the following:
“Microsoft is not liable for data loss due to application outages, it is also not liable for data loss due to deprovisioned user accounts.
We recommend that you regularly backup your Content and Data that you store on the services or store using Third-Party Apps and Services.”
Recent reports show that it could cost your business upwards of £1million in ransom, fines, legal fees, loss of revenue and IT Support to get your business back up and running if you suffer a data loss due to vulnerabilities in your network. From as little as £2 per seat per month, MPR IT Solutions can support your business against Data Loss see our news article here.
Ransomware and Phishing Scams
Ransomware and Phishing scams are increasing and it is becoming more prolific. This is affecting all industry sectors whether your employees are at home or in the office. Employees using their own hardware are unlikely to have the same level of anti-virus or malware software to protect your data against phishing scams and ransomware. As it is a personal computer you do not have the control over this as you would with a business device. Implementing Security Awareness Testing across your business can identify individuals that require further training on how to spot a scam. For only £2 per seat per month you can help to protect your business by ensuring your staff are more aware of the potential risks on email scams. See our blog articles on Network Security and Is my Network Vulnerable? for further information.
Hybrid Office Workspace and Risks
Personally I have worked remotely for 7 years. I am therefore well situated to understand the needs long term, as opposed to the last year. I have friends sharing the dining room table with their partner, or know of people that have been using a lap tray to balance their laptop and phone whilst sat on the sofa. These don’t work short or long term. If you partner is in Sales and on the phone constantly and you are in an admin role there are going to be clashes. You can’t both be holding a MS Teams or Zoom meeting at the same time, it is unprofessional and distracting.
Your office is likely to have LED lighting to create a bright environment, and these are on all day long. At home your staff are working in natural daylight and this can cause strain on their eyes when looking at their screen all day. Is their home in a busy street? If so, it can be distracting to hear vehicles or pedestrians going passed constantly. These are all areas to consider along with lone working risk assessments. It is your duty of care as an employer to ensure that your staff when working remotely are safe, cables and power leads across the room are a trip hazard and even though it is their own home you can still be liable if proper provisions and risk assessments are not offered.
Hybrid Office Equipment
Is there a clear separation of home and work space? Is your employee expecting to be able to work from the kitchen or dining room table or do they have a desk? Not every home is large enough for a full office desk, however there are many home office desks available on the market to suit most needs. Having a dedicated work space, allows for your employee to define work and home time.
As a business, if you decide that you want staff to work from home, you need to consider that they have the same equipment and furniture available to them as they would in the office. Desk space, chair, printer and office stationary. Often overlooked are ergonomic items such as wrist or feet rests to allow them to sit comfortably and without risk of long term injury such as back pain or RSI. Be prepared that if staff are working part remote, part office based you will have to pay and provide these items for both home and office, the same as you would if they were in the office full time.
Are your staff working on business computers or personal computers? Last year the focus was just to get everyone on-line, many businesses invested in laptops for staff, others sent staff home with their desktop computer. However, for some it was simply a case that staff would use personal computers (Bring Your Own Device – BYOD) as no one expected it would be this long. Linking back to cyber security, it is important to consider the security of the hardware as well as the lifecycle. If your staff are using aged or personal hardware you should consider upgrading or purchasing business hardware to secure your network and ensure employees are able to work remotely long term.
Alternatively, if staff are going to be working in a hybrid office routine, what are your plans for hardware? Whilst cloud platforms are great for being able to connect anywhere, if your employee only has a desk PC, they are not going to be able to transport it back and forth.
Hosted telephone systems ensure a professional first impression for your customers, no matter the location of your employees or the size of your business. With a hosted phone system, staying connected to your customers by telephone is seamless for remote working or the return to the office – it is very simple to switch between the two. Bringing the ultimate in flexibility, with a minimal initial capital outlay, along with an easy to manage monthly subscription. A hosted telephone system will allow your employees to connect whether it be a hybrid office or at home with customers and colleagues. Flexibility comes with the option of using a softphone on your laptop or PC, a physical handset or an app on your mobile.
Re-integration to work place
Expecting your employees to return to a hybrid office or any office, as if the last 15 months hasn’t happened, is not an option. Everyone will have had different experiences and you need to accept that it wont be smooth and there will be friction. For someone that may have been in the office for the majority of the lockdown, they will be used to working in the office, however they are now used to almost silence. For someone that has not set foot in the office for 15 months, it will be daunting. Surrounded by people after being isolated at home with limited interaction to suddenly be around colleagues can be stressful.
Each individual needs to be considered separately. You cannot assume that everyone is the same. Some may have lost family or friends, some may have been in hospital themselves, whilst others may have thankfully escaped any such experience. Some may live alone and have had extremely limited interaction with the outside world due to restrictions. The return to the office will have an affect on mental health in some shape or form. For those returning from furlough it will be a huge step to get back into a routine, whilst others that have worked all through may resent those that were furloughed.
Going forward, employees that want a flexible working approach will benefit mentally by being able to have a better home/work life balance. For those that are parents will value the opportunity to be more available to their family without a long commute or staying late in the office. With the option to work from home they might stop to take a half hour break to play with younger children. This doesn’t mean they won’t be making the extra effort to get the tasks completed. After all, for the last 15 months much of it has involved home schooling and they still got it done then, nothing will change on that front.
Staff returning to the office will also need to be accommodated. Suddenly being tied to a desk 8 or 9 hours a day will require regular breaks as they settle back in. They will be used to not being observed for every move they make and it really does make for a better environment overall when staff are trusted. In the past many business were concerned that out of sight meant out of mind and that working remote should never be an option. However, these last 15 months have proved that it can be done in most cases.
Communication, Collaboration, Concentration
I found that the last 15 months brought me closer to the team. I have worked at MPR IT for 7 years, all of it remotely and being based in Berkshire my visits to the office are not regular. Initially, when we all started to work remotely and had weekly social gatherings on MS Teams, I suddenly got the opportunity to get to know some of my colleagues better. I would have regular quick teams calls to ask colleagues questions where as before I would probably have dropped them an email. Using teams we were able to throw ideas around quickly and easily in a chat or quick call.
Now that they are all back to the office, I still feel that sense of connection, however I do miss out on the ‘corridor conversations’ as some might call them. Where one person will mention something and it then becomes a discussion. They are great and do keep me up to date with any decision made and ask for my opinion, and with a small team this is easy to overcome. For those businesses that are considering a Hybrid office environment, you will need to ensure that employees do not feel left out by being at home, as opposed to the office and continue to hold regular sessions as a whole team.
How can we help?
Contact our team on 0800 030 20 30 option 1 or email us at firstname.lastname@example.org to find out how MPR IT Solutions can support your business with technical solutions for a Hybrid Workplace. Whether just one member of staff will be remote or the whole team, we can identify vulnerabilities in the network, support you in upgrading hardware alongside day to day managed IT Support.
Keeping your network secure – this is a subject that should be carefully considered for any network whether business or personal. Technology is the main way that people communicate today and we increasingly rely on email communication. Cyber criminals are using this as an opportunity to send more and more scam emails, texts and phone calls. Often all very realistic. Making sure your network has the best security systems in place will help to keep your network and data secure.
Password Security and 2FA
When it comes to password security the one main rule is NEVER EVER share your password with anyone. Then next is to ensure that your password is difficult to guess. 123456 or password are sadly still often used despite them being so easy to guess. Making sure you have a password that is harder for criminals to guess is vital. Alongside using different passwords for each account. With so many passwords to remember for your work and personal accounts it is becoming harder to separate these out as well as remember them all. This is where 2FA( 2 factor authentication) is an advantage. Many on-line accounts now require 2FA, where you will enter your normal password and are then required to confirm the log in with an additional code generated by text, email or an authenticator app.
Finally if you are ever asked to reset a password via an email – check it is a genuine request. It is very unlikely that any organisation would ask you to reset a password unexpectedly. Many people unfortunately become victims of scams through realistic looking requests to update passwords.
Firewall – why do you need one?
In the construction industry, a firewall is historically the protection between two buildings to prevent fire spreading across adjacent buildings.
The computing equivalent works in a similar format. Acting as a security fence surrounding your network, a firewall observes and restricts information coming in via email or the internet. The firewall will only allow information from sources pre-determined by your firewall and can either be a network or host based security system.
In most homes and businesses, routers are used to enable the connection of various devices to the internet. Prior to routers, each individual device would need to be plugged directly into the modem. When connected directly in this way, a device has a public IP address a allowing information to be accessed by anyone on the internet. As technology has developed most devices will have their own firewall built in. However larger networks will have a separate firewall to protect the security of the network.
Antivirus Software – why do you need it?
Did you know that the first computer virus was released in 1971? The Creeper virus was not designed to be malicious or cause damage but was an experiment to demonstrate a mobile application. Today, it is believed that over 6000 new viruses are released each month.
Antivirus software, also known as anti-malware, is a computer program designed to prevent, detect, and remove malware. Antivirus software can protect users from: malicious browser helper objects, browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware. There are various levels of protection available on the market. It is important that your choose the right anti-virus software for your network. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity, online banking attacks, social engineering techniques, advanced persistent threat and botnet DDoS attacks.
Security Awareness Training and Testing (SATT)
In addition to Firewalls and anti-virus software, MPR IT Solutions also offer SATT, Security Awareness Training and Testing. The purpose of this is to stop security incidents on your network, by providing your end users with Security Awareness Training and regular Testing. SATT is a fully managed service that is bespoke and tailored to every individual organisation. It takes up none of your time or resources, and is guaranteed to make a difference.
The SATT service combats the weakest cyber security link in any organisation – your end users – and is delivered in three stages over a 12-month service agreement. The total cost for the 12 month SATT service is far less than the cost of just one security incident.
Contact our team today
Supporting companies from a wide number of industries, MPR IT Solutions are experienced in the multitude of options across the markets and can tailor the right security systems to keep your network secure.
For more information on protecting and securing your network contact our team today on 0800 030 20 30 or email email@example.comRead more
Cybercrime and you
The hot topic for the first half of 2016 has been all about cybercrime, hacking and ransomware. It seems that no company no matter the size is safe from attack. In this blog we will talk about some of the companies that have been attacked and how this can ultimately affect you. We will also talk about the steps you need to take to ensure your systems and network are secure.
Can you name a well-known organisation that has been attacked? Here are just a few that you will know and possibly use:
Talk Talk – 57,000 customer personal details accessed and 15,600 customer bank details taken. This caused uncertainty for many customers as to what had happened to their bank details and at what cost to them. This attack cost the company upwards of £35million in compensation and loss of customers. 4 people were subsequently arrested in connection to the attack.
Vtech – Over 5 million customers affected by this attack on children’s manufacturer. Accounts set up online to allow children to play games were hacked, leaving them vulnerable. Whilst it did not store any bank or credit card details, it did store personal contact information. The company were not even aware of the attack until contacted by a journalist. A 21 year old was arrested, he had carried out this attack from his home in Berkshire.
BBC News, The New York Times, MSN – One of the more recent occurrence. These news sites were unwitting victims to malicious adverts on their sites or malvertising. Tens of thousands of people were exposed to these adverts, which could deliver malware to your device, encrypting your files. This was a large attack on well-known news outlets and if they had been successful could have been devastating for millions of people, however all ads were removed quickly.
Ashley Madison – The chances are you don’t know the company by name, but will have heard this story. The company are an on-line site encouraging extra-marital affairs. The site was hacked and user details stolen. The information was then leaked on-line causing many spouses to be very unhappy. We can all guess how that ended up for many people.
FBI – Slightly concerning that the Federal Government of America are also at risk. The same hackers also accessed the CIA director’s personal email. Having accessed the FBI Portal the hackers were then able to view records on arrested suspects. These details were then leaked on-line.
Donald Trump – Now no matter your view on the Presidential candidate for the US, it is surprising that even businesses owned by one of the most successful businessman at are risk. Malware was put into the Trump Systems and stole credit card details from hotels across the US. It is not known how many people were affected by this, but expected to be in the thousands. The hacktivists Anonymous have also recently announced they are declaring war on Trump.
Now for some of the lesser known companies, some of which are in our own region, just to show you that it is not just the large companies in the world that can be vulnerable. Do not have a false sense of security that this cannot happen to you. Sadly everyone is at risk.
Solar UK – Based in Battle, East Sussex, this small business of just 11 people were hacked by the current largest terrorist organisation, ISIS. The company website was vulnerable to attack and unbeknown to them, the website had been taken off line. Anyone searching for them, would be horrified to see CCA or the Caliphate Cyber Army videos. This hack was apparently in revenge for a drone strike in Syria. It is believed that the company was targeted by a search Robot trawling through the internet to find unsecure websites.
Chatham Town FC – In January of 2015, this small part time football club had its page hacked and in place of the usual content an image was put up supporting the perpetrators of the Charlie Hebdo attack in Paris. Luckily all the content of the Football website was backed up and was back up and running after a couple of days with no data lost.
The list seems to go on and on of varying different business types that are vulnerable, we highly recommend that you review all your network and personal security. The Government Cyber Essentials scheme backed by the FSB is key to help win any government contracts and is good practices for all businesses. It is no longer something that businesses should think it would be nice to have in place, it is essential. The risks are extremely high, not just for your customer’s details, but also your business as a whole. If you are unfortunate enough to be attacked, it will be costly both in monetary value for custom, but also in getting it fixed and downtime for your staff.
These are the 5 key points on the Government Cyber Essentials scheme
Malware Protection – do you have a robust malware in place? This will stop viruses and ransomware from getting through to your emails and employees.
Access Control – encourage your staff to choose passwords that would be hard to guess and not simply change the number on the end each time it needs to be updated. Password or 123456 are not ever going to be good choices. Also ensure that admin passwords are only given out to members of staff that should have access to these.
Firewalls – investing in a high end firewall can prevent hackers from gaining access to your systems and to make certain there are no leaks.
Secure configuration – Is your system configured to ensure security for your organisation. Are all laptops, PC’s and phones password protected? Do files need to be password protected?
Patch Management – the likes of Microsoft and other operating systems regularly release new updates to their software. Ensure you are fully up to date as these updates will often include patches to ensure your systems are more secure. As hackers become more clever the software providers work hard to identify areas to increase security.
We also recommend you view the national cybercrime website or if you have any concerns about any of the issues raised in this blog – please contact MPR IT to discuss the current state of your network and if there is anything else we can help you with to improve security.Read more