Cyber security tips for home working during the coronavirus pandemic
Cyber security experts have recently reported a spike in coronavirus-related email scams, with criminals looking to exploit the uncertainty around the COVID-19 pandemic with ‘phishing’ emails designed to trick people into handing over their personal details.
Now that more and more people are working from home and accessing data through unsecured Wi-Fi networks, we could see an even bigger spike in cyber-attacks over the coming weeks and months.
Working from home, or “remote working”, is going to form a big part of working life in the UK for the foreseeable future, so it is imperative that businesses understand the challenges and risks it presents and put procedures in place to mitigate them.
Businesses are anticipating more and more employees working from home to avoid contracting the COVID-19 virus, while others are planning for a potential “lockdown” scenario of large-scale quarantine orders.
This poses a range of cyber security issues for businesses, including:
- Increased risk of employees accessing data via unsafe Wi-Fi connections
- Employees using personal devices to carry out work tasks
- Employees not following company security protocols
- Added distractions in the home – children, pets, chores, TV etc.
The increased risk could leave your business more susceptible to cyber-attacks such as:
Fraudsters are currently sending coronavirus-themed emails to trick people into opening malicious attachments or clicking links to pages that collect their personal details.
The BBC has found recent phishing emails purporting to be from the GOV.UK website, the World Health Organisation (WHO) and various other medical organisations and financial institutions.
This involves the fraudster gaining access to a mailbox and being able to pose as a supplier. They then email your employee and ask them to update their payment details so the next time your company pays the supplier, you actually pay the fraudster.
This tactic could prove more popular over the coming months, as workers’ are more distracted while working from home and less likely to spot something suspicious.
Phone call ‘Vishing’
‘Vishing’ is the telephone equivalent of ‘phishing’, and involves the scammer trying to convince the user into surrendering private information over the phone.
As well as these basic tactics, cyber criminals are constantly developing new ways to attack businesses – from malware and ransomware attacks to malicious smartphone apps.
Cyber security tips
In order to protect against these risks, there are some simple actions businesses and employees can take such as:
- Updating passwords – now is a great time for your employees to change their passwords to something more secure
- Making a conscious effort to check before clicking on links/attachments – it is easier to get into a more relaxed frame of mind while at home, which could be dangerous
- Avoiding public Wi-Fi networks – these are rarely very secure and are an easy target for hackers
- Locking your screen at home – this guards against your children accessing or clicking on something that could cause a problem
There are also some larger-scale actions businesses should consider taking, such as:
Review your current cyber policy
Now is the time to review your current information security policy, and other related policies, to establish if there are any existing guidelines for remote working and whether they are still fit for purpose.
Some businesses may already have a strong policy regarding working from home, while others may have contingency plans for disaster recovery, BYOD (bring your own device) guidelines and other related policies.
If your business does not have any relevant policies, plans or contingencies in place, then this is a good time to at least establish some company-wide guidelines regarding remote access to the company network and best practice when working from home on personal devices.
Communicate plans and guidelines effectively
All line managers and team leaders should be familiar with what cyber security guidelines, plans and policies are in place, and ensure that the correct information is passed on to their teams.
Most of your employees are likely to be unfamiliar with the concepts and the terminology associated with cyber security, so it is important to provide guidance and support wherever possible.
Review your business response plans
As well as ensuring there are robust policies in place and that all employees are familiar with what is required of them, it is important to review your data breach and incident response plans.
Is your business prepared for a security incident or data breach? Does everyone know what their role will be in the event of a cyber-attack to ensure the business continues to function? These are critical questions that you need to answer with a strong and comprehensive business response plan.
Protect your business from cybercrime with BHIB
We have recently launched our own Cyber risks division at BHIB to help our clients protect themselves from the risks of Cybercrime and we are currently offering a free cyber risk review to all our clients.
The most common Cyber attacks we are seeing in 2020 are `Business email compromise`, `Social engineering scams` and `Ransomware attacks` targeting businesses to lock down their systems and hold your important assets for ransom. Whether it’s customer invoices, design files, project plans, losing access to business-critical files and data can be disastrous to your business
Cyber insurance can protect you against the financial loss associated with these kinds of events, paying for the lost money, recovery and even re-creation of important data and minimizing any long-term impact on your business.
If you are interested in a FREE cyber risk review, please contact us on 0330 024 06 06 or contact our Cyber Specialist Andy Hall on 0116 2819152 or firstname.lastname@example.org.