Many businesses had to quickly put measures in place to enable staff to work at home during the COVID-19 lockdown and for the majority, remote working is set to become the new normal for the foreseeable future.
As such, the lines between work and home life have become increasingly blurred, more fluid and, some may say, more relaxed, with staff making use of multiple devices and home Wi-Fi, and fitting work around family commitments, including home learning for school-aged children. The almost instant change in working patterns and behaviour has meant that businesses needed to respond very quickly to stay operational. Setting staff up to work remotely, whilst giving them access to everything they needed, proved a challenge for businesses of all sizes.
Cyber security risks most certainly increased as a result of more staff remote working. Hackers instantly launched a wave of cyber-attacks trying to exploit people working from home. As the UK entered lockdown, financial losses caused by cyber-crimes surged by nearly three-quarters according to the City of London Police. The force, which runs the national Action Fraud service, said it received 3,916 reports of online incidents during the first month of lockdown alone – the equivalent of £2.9 million in reported losses and an increase of almost 72% compared to the previous month.
Financial fraud is not always the main motivation for cyber-attacks. In May 2020 EasyJet was forced to reveal that a hack had exposed the personal information, including email addresses and travel records, of 9 million people; data that can be used to make phishing emails seem honest and genuine.
In October of this year British Airways was fined £20 million for a data breach that occurred in 2018, when its systems were compromised by attackers, enabling hackers to harvest 400,000 customers’ details as they were input. A subsequent investigation concluded that sufficient security measures, such as multi-factor authentication, were not in place at the time.
Protecting the data and privacy of both customers and staff is a key premise of the General Data Protection Regulation (GDPR). Businesses must follow high-level cybersecurity guidance in keeping data and in processing it safely. As both BA and EasyJet discovered, a data breach can be disastrous for your organisation; seven out of ten small companies that experience a major data loss go out of business within a year, according to management consultants PricewaterhouseCoopers.
When we talk about cyber-attacks, what comes to mind? Something big, dark and seemingly far off, like Russian or Chinese forces hacking government websites and large organisations? All very James Bond, yes? However, cyber attackers now strike much closer to home: to the homes of your staff, to the heart of your organisation.
With many companies now facing a prolonged period of staff working remotely, it is time to take a fresh look at your cyber security, to ensure adequate protection of your staff, business and reputation.
At a very basic level, reinforcing staff vigilance through training and best practice reminders goes a long way to staying secure.
91% of cyber attacks start with an email. Phishing emails typically use topical stories and current news, and with the fear and confusion surrounding COVID, fraudsters have had a field day in scamming people out of data and money. Attacks have increased in sophistication, specifically targeting coronavirus-related anxieties, rather than the more usual attempts at financial fraud or extortion. Soon after the launch of the Government’s Track and Trace, fraudsters were sending fake emails and texts, some of which looked so real many people were unsure of what was genuine and what was not.
Cyber tricksters have taken things one step further with emails purporting to be from a work colleague. One spoofing attack featured an unnamed company chief executive, supposedly asking workers to donate to his health charity. Others mimic IT support departments, asking workers to download new software.
Designed to exploit people’s fears, phishing emails work to encourage recipients to open attachments or click on links which will then download malware onto their devices. Misspelled domain names, bad spelling and grammar can indicate that fraudsters are at work. The National Cyber Security Centre (NCSC) received more than 1.8 million reports in August from its own reporting service, which allows people to forward suspicious emails directly to the agency for further investigation. As phishing cyber-attacks show no sign of slowing down, remind staff to stay cyber alert and vigilant.
Managed email security services reduce the number of phishing emails reaching inboxes. Whilst managing your global email protection in-house can be complex and costly, there are services that can be set up and running in days. Here at Infosec Partners we have a range of email security solutions that can be tailored to fit your business's needs, so get in touch to find out how to defend your business from email cyber-attacks.
Whether staff are using their own devices or company-provided resources, ensure they have the latest antivirus software installed, and remind employees to keep devices locked away out of sight when not in use.
Strong passwords are necessary and should be unique for every use. Your staff must not use default passwords that are preconfigured on wireless networks as there is a higher risk these can be compromised. As it can be hard to remember all passwords, use a password manager tool if possible. Set up multi-factor authentication to add an additional layer of security.
In most instances staff will be using their home Wi-Fi networks. Insist that they secure their home Wi-Fi with a strong password – many never change the factory-set password installed on their router, so this should be updated to something more secure. Discourage the use of unsecured public Wi-Fi networks for business use, as these are easily targeted by cyber criminals to harvest confidential information.
A Managed Wireless Security Service can further protect your organisation against Wi-Fi threats. Give us a call at Infosec Partners if you would like more information.
Skype, Microsoft Teams and Zoom have seen a massive increase in use through 2020 as people connect and collaborate virtually, and users naturally rely on the apps to be secure and safe. Applications were struggling to keep up with user demand, highlighting several security holes. You may recall news stories regarding hackers remotely accessing Zoom meetings and taking over devices. Cloud application providers have worked hard to fix the security issues over the last few months and, whilst the applications are now safer places, users must not be complacent and should still follow best practice – set up multi-factor authentication for login, always set passwords for meetings, and use the latest versions of the application.
Let us not forget, safe remote working also means ensuring a good work-life balance. Encourage staff to separate their work and home life environments as much as possible and to switch off devices at an appropriate time. Working into the evening when tired creates more pressure and lack of focus, and increases the risk of cyber slip-ups. Hold regular virtual meetups to check in with staff, chat about any concerns and work to reassure them.
In addition to your staff mitigating cyber risks, what more can your organisation do to provide a secure working environment that counters the risk of an attack? From firewalls to endpoint security, data loss prevention to incident response, there is a full spectrum of cyber security services available to protect personal and financial data, and the reputation of your business.
If you are unsure as to what cyber security measures you need to put in place, or you are looking for someone to manage it all for you, then get in touch with the team here at Infosec Partners and we will be happy to discuss your business needs.
Contact Infosec Partners
Call: +44 0845 257 5903
Email: secure@infosecpartners.com
Visit: www.infosecpartners.com