In light of the coronavirus (COVID-19) pandemic, you most likely now have a number of, if not all your team working from home.
As we all adjust to this new way of working, cybersecurity can become under threat. At a time when our reliance on technology is ever increasing we must ensure measures are in place to keep our team and businesses’ data safe.
In this article, we have highlighted quick, practical steps you can take to protect your cyber security.
1. Have strong passwords
Check that you and your team are using strong passwords, especially when logging into work software or finance applications. Default passwords are usually weak providing an easy target. The National Security Council recommends three random words to create a longer, more complex password. Tools such as password generator can help you test the strength of your password, and suggest stronger alternatives.
You can make these passwords more complex by adding capital letters, symbols, numbers and even spaces. Now might be a good time to ask your team to update their passwords as a precaution. Two factor authentication is also advised, and is now mandatory in a lot of businesses.
It’s also important not to have the same password for all tools. Whilst it’s much easier to do so, as it’s incredibly frustrating when you can’t remember your password, it makes it incredibly easy for a hacker to gain more access and data.
2. Review user access and privileges
Does your team have access to the parts of your system they need, and only the parts they need for their role?
Understandably, it might have been tempting when setting your team up for working from home to give everyone blanket access to the network. But now that everyone is hopefully adjusting to working from home, you should now look to tighten these privileges and make sure your team only has the access rights they need to fulfil their tasks.
By gating some parts of your systems, you reduce the risk of cybercriminals getting full access if they hack one employee.
3. Consider use of equipment
Allowing your team access to your systems with their own devices can introduce security issues, as their device might already be infected with a virus.
There is also a risk of your team member sharing the device with other family members who might introduce viruses or accidentally lose some of your data.
Where possible let your staff use the businesses’ IT equipment as this will have your own security measures and best practices in place.
Also, discourage staff from using removable storage devices such as USB sticks or memory cards as these too may be carrying viruses.
4. Use anti-virus software
Many businesses protect devices from malware and viruses with the use of anti-virus software and other measures such as; restricting spam emails, blocking certain website domains for restrictive online access and admin only levels to download new applications.
If the device being used to work from home is different than the usual, you should ensure it has the relevant antivirus protection that meets the businesses needs.
It’s also worth noting to check that all devices used have up to date security software installed and that it hasn’t lapsed.
5. Be vigilant of phishing
It’s sometimes hard to get into a ‘work’ frame of mind when not in the office. So encourage your employees to remain vigilant and on the lookout for scams and phishing emails as they would in the office.
There has been an influx of new scams preying on people’s fears about COVID-19. Recent scams include:
- selling a cure for COVID-19
- selling PPE
- providing a map of affected areas
- emails impersonating the World Health Organisation
- fake airline emails to gather sensitive information such as passport numbers
- fake charitable donation requests to ‘help those impacted by coronavirus’.
Remind staff if you see something on social media or receive an unsolicited email that seems too good to be true, it probably is.
Aside from learning how to spot phishing emails, make sure you and your team do your research, use reputable companies, and follow-up requests for money or information with a phone call using a number from a separate, trusted source.
6. Report It
All employees should be aware, and perhaps reminded at this time, of your cyber security measures and associated processes.
It’s important they understand and feel comfortable with reporting any issues, as time is of the essence with any security incident. If they click on a link that they think poses a risk, or that a password may have been compromised, they must tell you (or whom identified) straight away so that the appropriate action is taken.
You can report cybercrime and fraudulent emails to Action Fraud – https://www.actionfraud.police.uk/
Don’t forget our friendly team is here to help where we can. If you want to discuss your cybersecurity concerns, find out more about cyber insurance, or share a scam you have seen that you think others need to know about, please don’t hesitate to get in touch with us.
If you are worried about your cyber risk, it might be worth taking a look at our cyber insurance policies. You can get more information on our cyber insurance page.