The sudden transition to working from home brings new cyber security vulnerabilities.
From Zoom security flaws, to housemates sharing work computers, to employees using their own devices, new cyber risks are emerging that we hadn’t even thought about before.
In our ‘new normal’ state, as startups and small businesses, there are a few key considerations to be aware of when considering how to protect your business from cyber threats and security issues.
How sexy are new tools
Our team members love discovering and trialling new software.
Actually, don’t we all love it when we find that one new application that just does exactly what we’ve struggled to do? It feels great. You whip out the credit card, and then become busy learning how to implement your new favourite piece of software.
Before you know it, however, you find yourself experiencing ‘software creep’.
Software creep is the excessive expansion of the amount of software a business uses. It can divide your data into yet more disparate places, requiring more integration between tools, upskilling and adaptation from staff.
Software creep can also impact your bottom line. Independently, each SaaS subscription may be just $50 or $100 a month, however, as your team grows, so can the toolsets they require, and your SaaS budget can balloon quickly.
Tip: consider letting go of one tool or SaaS subscription before moving onto the next latest and greatest. See where features overlap and consolidate them as much as possible.
New software can be shipped quickly to capture market share. This speed to market can lead to new software or new updates to existing software being less secure than previous tools you might have used.
Consider the impact that security flaws in Zoom, the online teleconferencing software that has been a lifesaver during recent lockdowns, have had on businesses.
If your business is using software, then you need to, at a minimum:
- Understand its security protocols;
- Know how your data will be stored, accessed and utilised; and
- Control which team members run and enable access to new software.
Establish, communicate and reinforce strong cyber policies
Startups are light on policies. SMEs likewise.
Cyber policies need to be written down, communicated and reinforced through your business.
If this feels too much, start by sharing with your team some of the concerns you might have and get them involved in developing the solutions with you.
Drafting your cyber policies could be as simple as ‘no new software to be used without prior approval’ or ‘no SaaS trials on work devices’.
Someone in your team needs to be accountable for the development of and adherence to your cyber policy.
Often engaging the CFO to report on SaaS spend can be illuminating.
With increased working from home, now is a good time to be super clear with your teams and to over-communicate about software and tools that they are allowed to use and the processes they must follow. Have strong cyber policies, communicate them and reinforce them.
Physical and technological access
Who has physical access to technology devices that are connected to your sensitive business information?
How has technological access changed with more staff working from home? Do your staff live with flatmates? Or in a family are employees sharing devices to enable kids to communicate with friends and complete school work?
Who could access an unlocked computer or device in your business historically is now radically different in a working-from-home world.
Understanding how the physical proximity to your business’s connected devices has changed may lead to a rethink on your cyber policies.
For example, can an employee share a computer with a housemate or family member? What new risks does sharing technology expose your business to?
Maybe it isn’t just about physically sharing devices, but rather the ability of someone to access or view your sensitive business information.
Take for example a list of prospects, a sales pipeline or designs for a new feature or service. All sensitive information, that once viewed, can be hard to forget or ignore.
Cyber risks are on the rise
Business environments often have consistent and considered built-in security elements.
Homes, however, are vulnerable to cyber threats due to the infrastructure and devices that are operating across their home networks. They just aren’t as secure.
Also at this time, where confusion levels are elevated, people are distracted and there has been an increase in cyber risks, online phishing exercises and fake scam messages being disseminated.
Being vigilant and aware of cyber attacks is important.
Remind your team to be discerning around messages, emails and attachments to open and what to avoid.
Review any existing cyber insurance policies you hold.
Consider talking to an insurance broker who can understand your cyber risks and match you to an appropriate insurance policy to reduce the impact of cyber security issues and cyber attacks that you might face.
What you can do today
- Develop and communicate your business’s cyber security policy.
- Ensure adequate minimum standards for staff who are working from home.
- Check your cyber insurance policies.
- Reach out to a trusted insurance broker for advice.