Due to the current Coronavirus outbreak, we’re seeing an increase in businesses permitting their staff to work from home. Flexible working is becoming the norm and the business landscape is changing rapidly as a result, but so is the Cyber Threat Landscape! BEWARE!
This raises its own issues when it comes to cyber security. For example, is their equipment up to scratch, or are they resorting to more powerful home computing devices? And if staff are using personal devices for work, do these offer the same protections?
What is happening to the data held on your office servers? Is it accessible to all from home, and is it still being backed up effectively?
These are the just a couple of the things you need to be thinking about.
What does the cyber threat landscape look like?
Well, as we have written about recently, we have observed a significant increase in the number of phishing attacks. Phishing is a popular tool of the cyber criminal, even without the current global situation, but it has become even more prevalent since the outbreak of COVID-19.
Campaigns are leveraging the panic and genuine concern surrounding COVID-19, with communications spoofing or impersonating trusted sources such as the Government, schools, local councils, and more. This is on top of the increase in fake news on social media platforms surrounding ‘miracle cures’ and the origin of the disease, amongst others.
With staff either in self-isolation, or working remotely due to government advice, impersonation emails are particularly effective. For example, criminals are taking advantage of businesses without effective communication channels by posing as key decision-makers and asking for ‘payments’ to be made, or passwords to be reset.
In other channels, COVID-19 ‘maps’ are proving a common method of disseminating malware. It’s approximated that between 50-80% of these websites contain the potential to distribute malware, so please be careful of these. If you’re curious, please use the case map set up by Public Health England.
What are the solutions?
Use multi-factor authentication (MFA) for every service or software that is internet-facing – this protects against 99% of account hacks!
End User Training
Train your staff on cyber security best practices – this will help them spot dubious activity including phishing.
Email security will protect you against most phishing attempts. If it includes email continuity, you’ll also be able to access your emails in the event of an outage.
Collaboration and Communication
Cyber criminals rely on confusion to execute phishing attacks. Use collaboration software like Microsoft Teams to keep in touch with your colleagues. Doing so means strength in numbers – it’s also an important means ensuring good morale and mental health.
Reliable, Secure Equipment and Software
Provide your team with the means to do their job effectively whilst working remotely. People will always look for short cuts, and if that means using a different device because their current one falls short of their needs, they will, putting you at risk.
Cloud backup services
It goes without saying that having a backup and business continuity plan is just as important – arguably more so – whilst working from home. Does your current data backup plan accommodate remote workers?
Ensure that all devices are patched and kept up to date; this will keep your devices secure against the latest threats. Either administer these updates centrally or provide clear instruction on how your team can do this.
If you’re not sure where to start with these, please do not hesitate to get in touch on 01283 753 333 or via email at firstname.lastname@example.org.
In the meantime, we’ve compiled some resources to help you adjust to remote working, and to keep you safe.