Share on social..
June saw the beginning of a return to work for some organisations as lockdown restrictions were gradually lifted and social distancing measures have been incorporated in workplaces across the UK. However, a large number of companies still remain which are not able to reopen their offices safely enough for their staff and the executive decision has been taken to keep staff and their families safe by continuing to work from home.
Some of these organisations have robust IT systems and cyber security plans in place to keep business information secure. But there still remains a sizable amount of businesses whose employees are working remotely on unsecure networks and devices, leaving the company they work for and the information it handles open to a full scale data breach. With The Guardian reporting that cyber attacks involving malicious email traffic in the UK rose from 12% to 60% in the first six weeks of lockdown, now is the time to address the issue of remote working cyber security.
How are we securing the data?
If the security bar was lowered to enable remote working back in March when the lockdown was announced, we now need to rebuild it so that everything is covered. If we’re accepting a wider scope of remote working, we need to ensure a high level of corporate control. Most businesses had to implement remote working on the fly, but now things have calmed down and people have had time to adjust, we can think more calmly and shore up the defences by putting a well thought out cyber security plan in place.
Beware of untrusted machines
There is probably a mixture of corporate and personal equipment being used by remote workers. Data will likely be flowing in and out and it is vitally important that this is addressed to ensure that we are not allowing data to flow in an uncontrolled manner. In the corporate arena, data is largely controlled on company devices with compliance and information governance policies, data leakage prevention (DLP) platforms, antivirus software and secure VPN connections over the internet but with home and personal machines, it is likely that there is untrusted software on these devices and a good chance that children at home have access to parents’ laptops and are using them to access the internet for homework and research, leaving them vulnerable to all sorts of malware and phishing emails. These aren’t trusted devices and it is not viable to make them trusted so we now need to think about the mechanisms of remote access and how to implement a secure system for all.
The three factors to address in the remote working model
Here we are dealing with a reasonably mature aspect of remote working. For some time now, we have been used to having our emails accessible on our mobile phones and lately, we have all been making calls over the internet on Skype, Teams and Zoom. With PIN lock features, fingerprint and face identification measures required on all modern smartphones, this is largely taken care of and reasonably secure but can still be improved upon.
Managing remote access to applications for employees is vital to mitigate cyber attacks and hacks. Some users will require special opening software for niche apps such as computer aided design and the software required will generally dictate how the user accesses it. By using the correct control methods, workers will be able to have the access they need to continue to work efficiently.
Controlling the way that company data is accessed by people working on their home machines is vital to remote working cybersecurity. Where in the past, workers may have been tempted to take work home with them at the end of a day in the office by emailing a report or document to their personal email account, this was clearly not a viable or desirable mechanism because it would have left the data in the document unprotected straight away. Today, we can give the right tools to employees so that they don’t have to resort to emailing themselves anymore. With three main options available to suit most office setups, there is no excuse for allowing company data leakage. It is simply about training and education and putting the right systems in place so that bad situations are avoided in the first place.
VPN – A Virtual Private Network allows secure remote connection to a corporate network; in other words, a point to point connection to the office. This means that employees are able to access files and data on a company server from their company device without the temptation to use personal email accounts. With VPNs, it is advisable to be wary of allowing untrusted devices to have access to the corporate network. Patches and software should be kept up to date to avoid punching a hole in the security. All work apps will also need to be installed onto the machine but this does have validity if used correctly and fits the business model.
RDS – Remote Desktop Services involve manipulating an internally held “virtual desktop” from outside and this system has a significantly higher level of control of data because it doesn‘t leave the data centre, it just allows people to connect in. In general, the health of the remote devices using the RDS is immaterial; home machines may be infected with viruses or malware but it’s not necessary to worry about people connecting to the corporate network from their own devices because everything is installed in the RDS and only video and keyboard/mouse commands pass back and forth regardless of how your employees are dialling in or from what device. Companies will also not need to worry about installing software on home machines or data being exposed, meaning that this is one of the best ways to achieve a high level of security and is device agnostic.
MS OneDrive – This is one of a number of cloud storage solutions which come under the umbrella of corporate management. Corporate administrators can enable back ups and put controls and policies in place to safeguard online security. Users generally get 1TB of storage with access to shared company folders. One of the main advantages of this system is that it allows users to access data from any device, home PC or work laptop but within a corporate wrapper with certain restrictions and with additional security and encryption options. Whilst users may be storing files on their own devices, they are encrypted and saved securely. This is a possible solution for companies without Remote Desktop Services or Virtual Private Networks and offers better security as long as it’s used with good antivirus software..
Multi Factor Authentication (MFA)
Passwords are no longer a guarantee of security and another level of protection is now required to be part of a robust cyber security programme. Adding an extra layer of security to your username and password, MFA enables you to offer an additional piece of evidence to prove your identity and is based on something you know (your password) and something you have (a code that has been sent to your mobile phone. There is simply no excuse not to have MFA activated as without it, companies are leaving themselves wide open to be breached.
User infrastructure
The future of secure remote working pivots around employers ensuring that their employees are enrolled in ongoing awareness training. They will have greater freedom and flexibility but these come with a personal responsibility for data security and without educating them appropriately can leave the company exposed. As humans, we are the greatest risk – we cut corners, we make mistakes, we take shortcuts. A programme of ongoing security training is vital for a safe and successful approach to homeworking and it should be seen as a mandatory behavioural change, with refresher training included so that it isn’t just a box ticking exercise and then forgotten the next day.
Contact us for more information on how we can help you to keep your company data safe while your employees work from home.
Lumina Technologies have taken the time to understand the requirements of our business and work as our strategic IT partner, enabling us to concentrate on delivering a high quality service to our clients and focus on our growth strategy. They have delivered a 100% cloud solution to our business with no underlying infrastructure costs or maintenance, which gives us scalability for our planned growth. It also means our business critical applications and data are securely accessible from virtually all our user devices. Lumina’s professional approach and strategic expertise is highly valued and their management of our IT – based on their in-depth knowledge, leaves us confident that our systems are available 24×7.
Luke Harrison
Keidan Harrison LLP
Lumina have supported us so well through the difficult circumstances of 2020. They worked extremely hard to ensure we were able to work remotely and continue to operate our business successfully. The support team are very friendly and knowledgeable, and have excellent response times.
The team have also enhanced our cyber security which is so important in the legal sector, and they continue to provide high quality advice to help us move forward with our IT goals.
Robin Illingworth
Managing Partner, Adams & Remers LLP
The quality of IT Support provided by Lumina Technology is of the highest standard and is complemented by effective client liaison with impressive response times. Trap Oil Group plc has no hesitation in recommending Lumina as a dedicated and specialist group of IT professionals.
Martin David
Technical Director, Trap Oil Group plc
Richard and his team are a real inspiration to anyone who meets them and I have watched Lumina’s growth over the last few years with interest and admiration. Richard has been an amazing supporter of the Hospice of St Francis, being a Gold member of the Corporate Partner Network for almost two years. He takes an active interest in the community and is passionate about his company and his town: nothing is too much trouble, he is always willing to help, to give up his time and to provide business advice when asked. Lumina is an inspiration to any company wanting to set up business in Hertfordshire.
Carolyn Addison
Corporate Fundraising Manager, The Hospice of St Francis
Lumina Technologies Prism Hosted Desktop has allowed our business to centralise our global corporate data, allowing much faster access for all our staff – regardless of their location. We have also been able to simplify and reduce our infrastructure and management overhead. With the new Prism Hosted Desktop solution all staff now have simple and secure access to corporate data using any device they choose. Prism Hosted Desktop has increased the productivity of our staff and given us a single, consistent and familiar experience for all users from any device, in any location, 24/7.
Katherine Roe
Chief Executive Officer, Wentworth Resources PLC
The commercially sensitive and regulated nature of Lambert Energy Advisory’s business requires an IT provider able to maintain the highest levels of integrity and confidentiality, Lumina Technologies has consistently been unimpeachable in this regard over the nine years we have employed them.
Patrick Agar
Lambert Energy Advisory
It has been a great pleasure working with Lumina Technologies over the past two years. They have fully committed to being involved in the local community with volunteering and with professional advice and commitment, helping many local charities along the way. As a growing company it proves that being involved in the local community is helping them attract and retain a talented workforce and I look forward to working with them well into the future.
Cindy Withey
Connect Dacorum
Hawkstone Management Services Ltd is a small company for which IT Outsourcing is realistically the only viable option. Lumina Technologies have successfully performed this role for over fifteen years. They also provide innovative solutions to keep pace with technological progress. I would have no hesitation in recommending Lumina to similar sized businesses.
Stephen Pembury
Hawkstone Management Services Ltd
Charles Douglas Solicitors LLP have been using Lumina Technologies for a number of years now and continue to be impressed by the technical know-how and contemporary knowledge of their senior management, who provide a timely, efficient and friendly service. Whether it is a small issue with one computer, or a strategic IT decision, they maintain a current knowledge of available technologies. Lumina are always at the other end of the phone to help resolve issues and minimise business interference. The technical knowledge of Richard and his senior team means that there has not been a problem that they can’t solve to date. I am sure we will continue to use them in the years to come.
Charles Douglas
Managing Partner, Charles Douglas Solicitors LLP
The team at Lumina Technologies have made the Amoun Travel & Tours office IT transition seamless and problem free. The office set-up has been vastly improved and the IT Support services are flawless. No issue goes unresolved, which is extremely reassuring.
Adam Helmy
Amoun Travel & Tours Ltd
Lumina Technologies has been Salamander Energy plc’s IT provider since start-up in 2005 and has supported us in London during our expansion across operational offices in SE Asia. Their professional approach, strategic advice and close co-operation have been essential in making this a success.
John Bell
Group Technical Director, Salamander Energy plc
Richard and his team at Lumina have provided Perrett Laver Limited with high quality strategic and practical IT Services for over ten years. During this period, Perrett Laver has grown from 10+ colleagues based in London to nearly 100 colleagues located in six offices across the Americas, EMEA and Asia-Pacific. Richard and the Lumina team have not just been responsive to our ‘everyday’ IT needs, but have proactively sought to work with us on developing an infrastructure suitable for the type of operation we are today, and are planning to be months and years down the line. I would not hesitate to recommend Richard, especially for small to medium size business with growth in mind.
Clementine McKinley
COO, Perrett Laver Limited
Society Limited has been supported by Lumina Technologies since our earliest start-up phase. From large logistical challenges like an office move, through to smaller fiddly issues like fixing a faulty e-template, we know we can count on their support and advice. They’ve also been able to engage with us strategically on the challenge of scaling-up our infrastructure as the firm continues to grow and evolve. We always feel confident going to Lumina with a problem, since we know they genuinely care about sorting things out and helping us to get on with our core business.
Simon Lucas
Managing Director, Society Limited
The Vita Group HQ staff have worked with Richard McBarnet and Lumina Technologies for over 9 years, with Lumina providing all our PC, server, phone, and software support. The services have included C-level executives based in London, Manchester, the US, as well as supporting home office IT as well. The service provided and intellectual capabilities are outstanding and we would highly recommend Richard and his Lumina team.
Joe Menendez
CEO, The Vita Group
We worked with Lumina on a GDPR Audit. Richard was knowledgeable and professional throughout, and did the best he could to bring a dry topic to life through lots of real life examples and analogies. We were so impressed with the service Lumina provided and the value we got from partnering with them on this project – we couldn’t recommend them enough.
Holly Cottingham, Vintec Laboratories
