Dr Clare Ryan , Cybersecurity specialist
With the escalating global situation with Covid-19, it is likely that the necessity for remote working by many employees and businesses will continue for some time. For many businesses who have previously implemented this type of work pattern, this will simply become an extension of their normal ‘remote working policy’. In this case, the business will have well established cyber security procedures in place. However, for many businesses, there is a rush to set up a remote working environment, with cyber security often overlooked.
If your employees or indeed your business is newly transitioning to the world of remote working, please remember the following 7 key factors that can help keep your business and employees safe online during this time:
1.Remote workers should use a company provided device. This device will be configured in line with the business’ security strategy, with access to key systems and applications pre-configured. However, given the rapid need to introduce remote working, this may not be a feasible option at this time.
2.Review your current ‘Bring Your Own Device’ (BYOD) policy. There is currently an increased requirement for businesses to avail of employee’s personal devices. If your business is utilising BYOD for the first time, an enterprise grade anti-virus and anti-malware should be applied to these devices. IT staff should also review the devices to ensure that they are fully patched throughout the time in use.
3. Ensure employees are aware of your business Security Policy, including the requirement for strong passwords. If necessary, issue an update of the policy or refresher training to ensure all employees are aware of their roles and responsibilities, including their responsibilities regarding Data Protection during this challenging time.
4. Activate Multi-Factor Authentication (if not already in use). Businesses should consider this step, where possible, to reduce the potential for account compromise.
5.Secure connections to the office environment should be provided. This can be through a Virtual Private Network (VPN) and we recommend that all sensitive business is conducted in this way.
6. Remind employees of the dangers of using public WIFI which can be easily comprised. We recommend that public WIFI is not used for business operations during this period.
7. Remind staff to report issues when things ‘go wrong’. There is an increased risk that an employee may fall victim to phishing or social engineering scams during this period. It is essential that employees report these incidents in a timely matter to their IT department to ensure that a strong security posture can be maintained.
Cybercrime thrives when employees are distracted
The intense interest in Covid-19 and the uncertainty around it has led to increased internet search activity among employees. Many people have chosen to sign up to news alerts or entered email addresses to download disease maps or statistics, in some cases using business provided emails. The desire for knowledge at this time has acted as a lure for cyber criminals, with many now exploiting the general risk in anxiety during this time.
We are aware of numerous phishing campaigns using Covid-19 as a lure and would advise that that businesses encourage employees to review and assess emails prior to reading/ opening attachments or links. These are in addition to compromised disease maps and prevention guides/health information websites. In addition, please remind staff that business email address should only be utilised for business purposes.
Good practice guide for email security:
- Check if the email has been generated from the sender listed by hovering over the email address to reveal the sender’s identity. If the sender’s identity is different, then delete the email.
- If an email contains a link, hover over the link to reveal details. It is easy to rename/hyperlink an address within an email to make it look like something else. Copy and paste links into a new browser window if you wish to open them. A good endpoint protection software (antivirus/anti-malware) will prohibit the link from opening if it is high risk.
- Finally, in these difficult times when businesses will be conscious of cash flow, please encourage all staff to check banking details with suppliers prior to making electronic payments.