The “new normal” has seen many companies re-organise to facilitate homeworking by their employees. This unfortunately has given cyber criminals an opportunity to take advantage of the new situation & we are seeing a dramatic rise in cyber crime as a result. How can businesses protect themselves & their employees from criminals focused on attacking IT networks & infrastructures that now have to support many more people working from home?
There are 12 things businesses can do to enhance security for remote workers.
- Password complexity & management. A system needs to be in place to ensure rules exist & are followed. Use a mixture of capitals & lower case, numbers & special characters with a minimum length of at least 8 characters. The National Cyber Security Centre recommends using 3 random words, for example pencilchairfilm – pencil2chairfilm! would be even better. NEVER use date or place of birth, names of partners, children or pets, or 12345 or 000000 – these are still very common & easily guessed by criminals.
- Multi-factor authentication (MFA). Having 2 forms of identification is a simple & effective way to increase security. This can be achieved by a password followed by a randomly generated code sent by text message or via an app.
- User Privileges. Individuals should only have access to the systems, functions & software that they need to do their job. More secure areas should be restricted. Allowing blanket access can leave the entire network open to cyber criminals, should they gain entry via a user’s account.
- Virtual Private Networks (VPN). A VPN extends a private network across a public network to allow users to exchange data as if their devices were in a private network. This gives data the benefit of the private network’s security including password protection & encryption.
- Use of own equipment. Allowing users to access your business network from their own devices can introduce security issues – an employee’s laptop, even if not infected with a virus, could have out-of-date security or anti-virus software. Businesses should supply employees with standard-build equipment with security in place to protect business information.
- Anti-virus software updates. These can be an irritation to users as they take time, but employees should be made aware that updates are to be actioned as soon as they are available, as they will include the latest security improvements.
- Quick Reference Guides. If there are many home workers there may be uncertainty about accessing the network remotely or unfamiliarity with different systems. The production of brief “How to” user guides will reduce the number of queries to the IT helpdesk or other reference point & could even reduce the likelihood of a security issue.
- Training staff to recognize phishing emails is essential – in particular, check the email address, grammar & spelling. Is it addressed to you as an individual or to a generic “Dear Customer”? Is it imposing an unreasonable payment deadline or something outside normal business practice? Be aware of emails selling supposed coronavirus cures or maps detailing virus outbreaks. Staff need to be vigilant & not click on any links in emails.
- Removable Media. There should be a policy that no removable media is used, as memory sticks & SD cards can introduce viruses.
- Public Places. There are 3 things to bear in mind. Security – never leave devices unattended in a public place. Data – be aware of surroundings – can someone see what’s on your screen or watch your keystrokes? Wi-fi – networks without passwords (or with a password displayed on the wall) should not be used as they are easily accessed by criminals.
- Encryption. Encoding information so that only authorized parties can access it may not stop an attack, but it does make data useless to the cyber criminal.
- Reporting Security Issues. Time is of the essence when reporting a security issue, whether it’s a lost phone, stolen laptop, security breach or clicking on a suspicious link in an email. Being able to assess a situation quickly & organise a response will limit losses & speed up the recovery process.
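The password rules in the first item can be enforced at the point where a password is set. The sketch below is an added example, not part of the original article: the word list, the blocklist beyond 12345 and 000000, the 12-character passphrase threshold and the function names are all assumptions made for illustration.

```python
import secrets

# Constructed sample list; in practice load a dictionary of thousands of words.
WORDS = ["pencil", "chair", "film", "river", "candle", "orbit", "maple", "tunnel"]
# Weak choices named in the article plus close relatives (assumed list).
COMMON = {"12345", "123456", "000000", "password", "qwerty"}
MIN_LENGTH = 8          # the article's minimum
PASSPHRASE_LENGTH = 12  # assumption: at this length, words alone are accepted


def three_random_words(words=WORDS):
    """Join three distinct words picked with the OS random source."""
    return "".join(secrets.SystemRandom().sample(words, 3))


def check_password(candidate, personal_details=()):
    """Return the reasons a candidate is rejected; an empty list means accepted."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if lowered in COMMON or len(set(candidate)) == 1:
        problems.append("commonly used password")
    # Names of partners, children or pets, birth dates and places, as supplied
    # by the caller; punctuation is stripped so 14/03/1985 matches 14031985.
    for detail in personal_details:
        token = "".join(ch for ch in detail.lower() if ch.isalnum())
        if len(token) >= 3 and token in lowered:
            problems.append(f"contains personal detail: {detail}")
    classes = sum([
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(not c.isalnum() for c in candidate),
    ])
    if len(candidate) < PASSPHRASE_LENGTH and classes < 3:
        problems.append("needs a mix of character types or three random words")
    return problems


if __name__ == "__main__":
    for pw in ["12345", "000000", "pencilchairfilm", "pencil2chairfilm!"]:
        print(pw, check_password(pw) or "accepted")
    print(three_random_words())
```

Passing the employee's known personal details (names, birth date, birthplace) as `personal_details` lets the check reject the choices the article warns against.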
By Beverley Brown FCII MBA – Broking Director & Chartered Insurance Broker.