Working from home: How to fortify your information security management system
According to the Australian Institute of Family Studies, two-thirds of Australians are now working from home part-time to combat COVID-19 and maintain social distancing in the workplace.
In their recent survey, Families in Australia: Towards COVID Normal, 67% of employed survey respondents were sometimes (if not always) working from home compared to 42% of workers pre-COVID.
A staggering 40% of respondents said they had never worked from home before, highlighting the need for more information security measures and training in the “hybrid workforce”.
Ilan Rubin, the CEO of a software company called Wavelink, noted the hybrid approach (i.e. working on-site and working remotely) will most likely be here to stay.
With this in mind, maintaining a robust information network that’s protected from cyber threats is not only necessary from a business perspective, but an important factor in the duty of care for employees, too.
“The hybrid workforce will be a permanent feature of the Australian and New Zealand business landscape moving forward, so organisations need to understand how to secure their networks and their employees in this new environment,” he said.
“A hybrid workforce means more employees will be working from home networks instead of the traditionally better-secured corporate network. Home networks can be filled with gaps due to connected smart devices that the employee doesn’t even realise are endpoints that could provide cybercriminals with access to the network.”
Ilan suggests that organisations need to minimise these risks by deploying endpoint protection and a zero-trust network access approach. There are three key ways business owners can fortify their networks and increase information security — read on.
#1: Increase awareness of inside threats
No business owner wants to create a culture of fear within their own organisation. Unfortunately, however, the most common security risk comes down to human error. It can be disturbingly easy to click on a malicious link and put your organisation’s information security at risk.
For some perspective, phishing has become more prevalent during the pandemic — according to the Global Phishing and Fraud Report, phishing incidents rose 220% during the height of the pandemic compared to the yearly average.
Based on further data, phishing attacks are forecast to increase 15% year on year as the pandemic fluctuates and more businesses swap to the hybrid approach.
As more workers communicate via email and instant messaging apps while working from home, phishing attempts can go undetected, which is why it is essential to train your employees on how to identify phishing attempts and reinforce the need to double-check the sender before clicking on any links.
This may require additional training to reinforce the risk of phishing and ensure all employees know how to spot a phishing attempt when it comes along.
Ilan from Wavelink also recommended the following:
“Organisations should make sure they have the right tools in place to protect the distributed network along with backup data and disaster recovery plans. With all of these elements in place, organisations can protect their hybrid workforces now and into the future.”
#2: Re-examine your information security systems
With Ilan’s recommendations in mind, business owners need to look beyond basic human error. In a hybrid working environment, you will need to look at your information security management system more broadly, taking into account any potential entry points through the corporate firewall.
It might sound extreme but business owners and organisations should have a “zero-trust” approach to information security. All users should be given the least amount of privilege possible and no user should ever be 100% trusted.
It’s important to have an information security management system that covers every aspect of your organisation including the office, data centre, branch offices and home offices.
ISO/IEC 27001 (information security management systems) is a systematic approach to managing sensitive business information so it remains secure. This includes people, processes and IT systems, applying a risk-based approach and a system to manage information.
To achieve ISO 27001 certification and improve your information security, you will need to conduct an assessment of your existing ISMS and identify areas of improvement.
Upon the completion of this assessment and the implementation of a new system, an accredited certification body like QMS can assess you against ISO standards.
This is the first step towards a safer, more effective ISMS. Contact us for an assessment today. We’ll make the certification process simple and streamlined.
#3: Reassess your budget priorities
As more businesses transition into a hybrid workplace, budgets and expenses need to be reviewed. Where some businesses and organisations may have been funnelling funds into network upgrades and on-site infrastructure, team leaders need to redirect funds into supporting the hybrid environment.
Ilan from Wavelink recommends cloud adoption, endpoint security and collaborative software to make work more efficient, while also protecting company information in a more robust way.
It is also wise to develop an ISMS that protects users across the local area network (LAN), wide area network (WAN), data centres and cloud edges.
Improve your information security management system with QMS
With so many Australians now working from home part-time, it is more important than ever to have a reliable information security management system in place.
Through ISO 27001 certification, you can secure your information and improve confidence in your employees, investors and future tenders.
QMS is here to make the ISO 27001 certification process simpler. Our experienced auditors can provide a compliance audit of your ISMS quickly, and provide a report that will help you add value to your investment in Information Security, and certification.
Contact us to discuss your certification needs.