Cyber Security & Homeworking

In the UK, and around the globe, businesses and individuals are doing their best to cope with the Covid-19 pandemic. 

With normal daily life and normal business practices under pressure from measures to slow the spread of the virus, we have all had to change how we do things.

Unfortunately, this has given cyber criminals an opportunity to take advantage of the situation, and a dramatic rise in cyber-crime has been noticed.

Cyber security experts have seen attackers move quickly to launch phishing attacks around other threats or humanitarian disaster events, and Covid-19 has given them an opportunity to attack businesses and individuals, to access work and home networks.

The current situation has seen unprecedented moves by businesses of all types and sizes, in a very short space of time, to have the vast majority of staff working from home. This has put considerable stress on infrastructure and support systems.

The World Health Organization (WHO) has reported that a number of scams have been circulating, most of them as e-mails, but also as rogue web sites. Many of these scams request detailed information and/or money from individuals, businesses or non-profit organisations with the promise that they will receive funds or other benefits in return.

Others ask for registration fees for conferences allegedly sponsored by WHO and for hotel reservations, again with the promise of certain benefits. These scams usually carry the WHO logo, and originate from or refer to e-mail addresses made to look like WHO or United Nations addresses.
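A mail gateway or helpdesk script can check for the sender pattern described above. The following is an added example, not part of the original article: it assumes `who.int` and `un.org` are the genuine domains (the article does not list them), and the sample headers are constructed using reserved example domains.

```python
import re
from email.utils import parseaddr

# Assumption: who.int and un.org are the genuine domains (not listed on the page).
TRUSTED = {"who.int": "who", "un.org": "un"}
# Display names that claim to be one of the organisations.
CLAIMS = re.compile(r"\bWHO\b|(?i:world health organi[sz]ation|united nations)")

def sender_domain(from_header):
    """Return the lower-cased domain of a From: header, or '' if there is none."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify_sender(from_header):
    """Classify a From: header as trusted, lookalike, unrelated or invalid."""
    display, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "invalid"
    # Genuine: the exact domain, or a subdomain of it such as mail.un.org.
    if any(domain == d or domain.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # Lookalike: the organisation's name appears as a label or hyphenated part
    # of some other domain (who.int.example.com, who-int.example).
    labels = set(re.split(r"[.-]", domain))
    if labels & set(TRUSTED.values()):
        return "lookalike"
    # Lookalike: the display name claims the organisation from another domain.
    if CLAIMS.search(display):
        return "lookalike"
    return "unrelated"

# Constructed sample headers; none are taken from real messages.
SAMPLES = [
    "press@who.int",
    "media@mail.un.org",
    '"WHO Donations" <relief@who.int.example.com>',
    "conference@who-int.example",
    '"World Health Organization" <grants@health-fund.example>',
    "newsletter@brokers.example",
]

def triage(headers):
    """Map each header to its verdict so lookalikes can be quarantined."""
    return {h: classify_sender(h) for h in headers}

if __name__ == "__main__":
    for header, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {header}")
```

A "lookalike" verdict is a reason to quarantine and review a message, not proof of fraud; the From: header can itself be forged, so this check complements SPF, DKIM and DMARC rather than replacing them.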

12 Recommendations for Cyber Security when Remote Working:

  1. Password Complexity and Management – a strong password is essential. A system needs to be in place to make sure rules are complied with. Using capitals, lower case letters, numbers and special characters across a minimum number of characters, usually eight (the more the better), is a good rule, for example, £Magenta6.
  2. Multi-factor Authentication – having two forms of identification to gain access is a simple and effective way to increase your information/data security. This can be achieved by password and then a randomly generated code, sent to you by text message or an app.
  3. User Privileges – a rule that should be applied at all times, but especially important where staff are working remotely. In short, give individuals access only to those systems, functions, software and areas that they need to do their job. 
  4. Virtual Private Networks (VPN) – a VPN extends a private network across a public network, allowing users to send and receive data as if their devices were connected to the private network. This will give the data the benefit of the private network’s security including password protection, and encryption.
  5. Use of Own Equipment – any device supplied by the business should be a standard build with security and restrictions in place to protect the business’ data and information. A user’s own laptop for example, could already be infected and introduce a virus into the network.
  6. Anti-virus and Software Updates – sometimes software updates can be an irritation to users, as they can take time, but it cannot be emphasised strongly enough that as soon as an update is available it should be completed.
  7. Quick Reference Guides – if your business has a large number of remote workers as a result of an incident closing a location, or a pandemic outbreak, then uncertainty about accessing the network remotely, or unfamiliarity with different systems and applications, can give rise to increased query traffic to your IT Helpdesk, which itself could have reduced manning. Production of easy to use, brief and accurate ‘How To’ user guides can reduce the impact on the IT Team.
  8. Phishing Education – training staff to recognise a phishing email, website, text etc. is essential, as these can be very convincing.
  9. Removable Media – unsolicited SD cards or USB memory sticks can introduce viruses into a computer, which can spread through the network. There should be a policy that no removable media is to be used, and the ports on the devices disabled to protect against this threat.
  10. Encryption – this is the process of encoding a message or information in such a way that only authorised parties can access it. It will not, on its own, stop an attack, but it does make the data useless to the cyber criminal.
  11. Care when working in Public Places – there are three main things to keep in mind when using devices in public. Security: never leave devices unattended. Data: users should be aware of what’s around them. Can someone look over your shoulder, etc.? Wi-Fi: a wi-fi network in a coffee shop, for example, with no password, gives easy access to cyber criminals.
  12. Reporting Security Issues – staff should be made aware that time is of the essence when it comes to reporting any security incident; whether it’s a lost phone, stolen laptop, any breach of systems or network, clicking on a bad email attachment or a link that doesn’t look right, a password you think may be compromised, or any other threat or activity that causes a user concern.

Sources:

1 Aviva

2 WHO

Brunsdon Insurance Brokers Limited are not responsible for the content of third-party websites.