A Cyber Security Article
Published: 02/04/2020 Last Updated: 02/04/2020
The current Coronavirus pandemic means that many organisations are now enforcing home working practices for the majority, if not all, of their employees. While this is an important social distancing strategy in delaying the spread of the virus, for some companies home working is a completely new way of operating.
The speed at which government restrictions have come into force also means that a lot of organisations have struggled to ensure that users are adequately set up to work from home – both in terms of equipment and tools, and from an education and awareness point of view.
There are many reports of cyber criminals and hackers trying to exploit the Coronavirus outbreak in order to perpetrate attacks. Phishing is the most common attack type, due to the almost limitless social engineering possibilities. Emails with a subject line containing “Coronavirus” or “Covid-19” are sure to pique the interest of most users.
Home working brings many security challenges, and in an ideal world companies would have adequate time to deploy effective cyber security solutions and educate their users. This is far from an ideal world, and comes at a time when most businesses should be focusing on core operations and supporting customers.
For businesses who suddenly find themselves operating in a remote and virtual world, and for whom this may be unchartered territory, here are our quick cyber security tips to help ease the transition.
User education: by far the most effective strategy is to educate users to remain vigilant and follow cyber security best practices at all times. Online cyber awareness training and simulations for certain attack types such as phishing are available, but come with a cost. However, there are a number of resources available free of charge, and measures you can take yourself:
- Tip sheets and quick guides are available from organisations like StaySafeOnline, powered by the National Cyber Security Alliance.
- You could also consider running webinars and virtual drop in clinics for employees to ask questions.
- Make sure there is a mechanism in place for employees to report suspicious emails and potential cyber security incidents – if they accidentally uploaded a sensitive document to a Cloud-based app, you want to know about it!
- Instil a ‘no blame’ culture – the key here is openness. If your users feel they may be penalised for a security breach, chances are they won’t report it
Technology and devices: More than ever before, the lines between corporate and home-owned networks and devices is being blurred. More than ever before, the perimeter of your network resides with the user and their devices. Here’s a few quick and easy recommendations to help make sure that your data, devices and users stay safe – wherever they are.
- Ensuring that anti-virus and other security software is installed and fully up to date.
- Make sure Wi-Fi connections are secure – that means changing the network’s default name and choosing a strong password.
- Your users might also want to consider having a separate network for home and corporate devices.
- Always connect to the corporate network via a VPN or other secure network connection.
- Only use approved devices and applications for work-related activity.
- Back up files regularly.
- Lock your screen if you use a shared workspace in the home.
- Restrict access to the devices you use for work, ideally keep them with you or lock them away when not in use.
- Don’t allow friends, family or toddlers (!) to use your work devices
- Always think before you click on an attachment or link in emails and messages. Particularly if they reference Coronavirus or Covid-19. Even if the message appears to come from a colleague or someone you know, exercise caution!
The truth is that all of the above measures apply to home and remote workers at all times. We may be operating under unprecedented conditions right now, but this too shall pass. And when it does, the rules of staying safe online won’t really have changed, and they will be just as relevant then as they are now. So perhaps one slim silver lining to this cloud is that cyber security will get the recognition it deserves, at all levels of the organisation. And that is no bad thing at all.