By Tabby Farrar
Thanks to modern technology, many startups and small businesses are able to operate with a flexible, mobile workforce. It may be that there are staff who work exclusively from home or other remote locations, while others log on during train journeys and out-of-office meetings.
Research has shown that many workers feel that they are more productive when working outside of their usual workplace, and that working with employees out of office can drastically reduce overheads – but it isn’t without risk. Connecting to company and client data over unsecured Wi-Fi networks, and from poorly secured devices, can bring major threats to the security of your business.
An increasing tendency to use devices like phones and laptops for both professional and private tasks, coupled with user log-ons from public networks, means mobile working creates plenty of potential for weak links in your cybersecurity. But thankfully there are easy steps that can be taken to stop cybercriminals from getting in, with VPN use proving to be a simple and cost-effective measure.
What is a VPN?
A VPN, meaning Virtual Private Network, is a great bit of technology that allows you to create a secure network connection even if you’re using a public network or unsecured home Wi-Fi set up. Data that could otherwise be intercepted by hackers is encrypted before your Internet Service Provider or public Wi-Fi provider has even seen it, and is sent to its online destination from a VPN server and location rather than being tied to the details of your own device.
If someone does try to look at what you’re sending via a VPN, they’ll only see encrypted information – not raw data. So when you and your team are logging on from any number of places outside the office, client data and other sensitive information being transferred is given a solid layer of protection against attack.
Why are VPNs important?
Cyber crime against small businesses is on the rise, with distribution of malware and DDoS attacks both popular tactics for sabotage. The US has had by far the most data breaches of any country in the last few years, with theft of data and ransomware demands accounting for thousands of these crimes annually.
To a cyber criminal, no business is too small to exploit. On the contrary, it’s often the case that the smaller the target, the easier they will be to steal data and identities from, and to hack and hold to digital ransom. For a small business that needs to focus on growth and turning a profit, simple cyber security measures like using a VPN are often overlooked, but could be the crucial detail that helps you to avoid data breaches and losing money to hackers.
Cyber attacks cost small businesses in the USA between $84,000 and $148,000 on average. In the UK, where cyber crime cost businesses a total of £29 billion in 2016 alone, startups and small organisations pay out an average of £65,000 per attack. Whichever way you look at it, that’s a serious outgoing cost. It’s also considerably more than the cost of cybersecurity, with cheap VPNs and antivirus software likely to set you back less than 0.5% of the cost of a security breach.
Implementing VPN use
Virtual Private Networks are easy to use, which makes them perfect for teams who don’t have a dedicated IT specialist – let alone a whole department. The important thing is that all team members do use the VPN, ensuring that there aren’t any gaps in your defences.
Any device that might be used for work purposes should have VPN software installed, so as well as laptops and home computers, think about whether your team need a mobile app version for checking and responding to emails on the move. If you need to keep numbers down rather than setting up software on every device for every team member, lay out clear rules for which devices can and can’t be used to access company and client information.
For example, if your colleagues spend their working days on laptops, establish that work from any location should be done on that same device rather than logging on from their own home PC or tablet.
Other simple security steps
Of course, a VPN is not the only tool you should have in your cyber security armoury. Something as simple as a poor password choice or opening a spam email could allow defences to slip, and it’s important that no matter how small or large your team, everybody is briefed on the basics of keeping things secure.
Installing software that will scan devices and incoming files for malware, manage passwords and flag potentially dangerous links is a good way to have an in-house IT expert, without putting one on payroll. But encouraging education among all staff is a huge help, whether it’s in how to spot a phishing attack or what to do if a breach has actually occurred.
Just as your business will have brand guidelines and rules for things like dress codes and behaviour, keep a succinct list of key security measures that everyone should follow to help ensure confidence in a culture of cyber security awareness and protection.
Tabby Farrar is an Outreach Specialist and freelance writer covering topics like marketing strategy, everyday cyber security and employee wellbeing. In this article, she has used insight from HMA VPN.