How to run your SME business securely from the office AND working remotely

If you’re running an SME, your set-up probably looks quite different today than before the pandemic.

Lockdown forced businesses of all sizes into a remote operation. But now we’re getting back to normality, this doesn’t mean returning to the office full-time; many SME owners want to offer more long-term remote working options.

Increasing flexibility is good for staff morale. People feel motivated when they can choose their preferred working set-up, and virtual offices keep your overheads down. But there’s an added risk that many firms don’t think about: IT security.

To make sure your business network is safe wherever staff choose work, here are four security measures your company should consider:

1. Secure your endpoints

Endpoints are the technical term for any piece of technology that connects to your business network. For most SMEs this means laptop computers, tablets and smartphones.

You may have installed antivirus software already; this is a good start, in case you haven’t, you can find out which one suits you on but it won’t protect you fully from security threats. Cybercriminals are continually thinking of ways to infiltrate businesses, from ransomware and phishing to malware attacks. That’s why it’s critical to take endpoint security seriously.

To keep company data secure, you need to fit business level antivirus and anti-malware software to every piece of tech used for work purposes – whether that’s company-issued or someone’s personal computer.

State-of-the-art software monitors cyber threats round the clock, flagging and tackling issues before they snowball into a data breach. Make sure you combine this with frequent data backups to protect critical company information.

2. Use a VPN connection

Even with antivirus and antimalware software installed, the cybercrime risk to your business increases when staff work online remotely.

In an office environment, you can ensure that everyone is using a secure, robust internet connection. However, your team’s home WiFi may not be as reliable, or they may choose to work from a public space like a café or train station.

To limit the chance of a cyberattack, make sure your colleagues use a virtual private network (VPN) whenever they connect to your server, to bypass untrustworthy internet connections. VPN software can be downloaded directly to all the devices your team use for professional purposes (including their personal technology).

3. Set clear staff policies and permissions

While transparency is important for company success, giving your workforce unrestricted access to your business network creates a huge security risk.

The best way to protect your infrastructure without compromising productivity is to make document access permission-based. This way, people can get to the files they need to do their job, but they can’t view or edit anything else.

Making sure staff understand why your system has been set up this way is also important. Business security is a cultural initiative as well as a practical one, and the best-run SMEs encourage all team members to ‘play their part’ in keeping data safe. To enhance this, make sure your IT policies are up-to-date and include a remote working guide for staff .

Your remote working policy can include information such as where to save documents (never to the desktop), how to position screens when working publicly, and creating a ‘whitelist’ of suitable apps, sites and files that employees can visit or download.

4. Train your team to identify and report cyber threats

Putting measures like endpoint security, VPN connections and clear IT policies in place will help to reduce the security threats to your business. Prevention is always better than cure. But sometimes a breach will occur – it’s as simple as someone accidentally clicking on a phishing email, or a phone being stolen from their pocket.

The best way to minimise cyber threats is by training your team to spot potential issues and report them as quickly as possible. Finding out how cyber savvy your workforce is will help you to pitch that training right and focus on the most valuable advice.

Regular workshops on security best practice and what cybercrime looks like will help to build a secure company culture. And if staff know who to speak to if they’ve fallen victim to a security issue, you can launch a disaster recovery programme as quickly as possible.

Find the right partner for future IT security

Adopting a hybrid model where employees are office-based some of the time and working remotely the rest of the week is incredibly liberating for team members. But consider the impact that this hybrid set-up will have on your business security and put the right protection and protocols in place before you make this a long-term working model.

Many SMEs don’t have the time, knowledge and resources to manage business IT in-house when you’re office based, let alone when your workforce is partly remote. So expert external support can be the best route to a more secure organisation.

Outsourcing security to an IT company is a straightforward, cost-efficient way to maximise company security.

An IT managed services provider will help your business to understand security vulnerabilities, install software, introduce new processes and take avoiding action whenever a cyber threat increases. This way, you can focus on building your future post-pandemic, feeling confident that your IT network is in safe hands.

Epoq IT’s new guide: How To Run Your Business Securely – Inside and Outside the Office is available to download now.