In most countries seriously affected by the current global pandemic, governments have forced any organisation that can to implement home working for its employees with immediate effect. With the focus on getting the basics in place quickly to ensure people can continue to work, security measures can often be overlooked - and therefore exploited by cyber criminals and opportunists alike.
In this post we outline 5 pragmatic and highly effective steps you can advise your workforce to follow to minimise their security vulnerabilities.
Step 1: Watch out for Phishing
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication, typically through email or text. Cyber criminals are using the current crisis to send communications pretending to be from banks or Government organisations, such as the HMRC, offering loans and grants.
If you receive any emails or texts of this nature you must validate the information before responding. Check your normal trusted forms of communication from these institutions for consistency and also head over to their official websites, as they often have warnings about this type of activity.
Step 2: Secure your home network
Cyber criminals are constantly looking for weak spots to exploit, and one of the easiest ways for them to gain access to confidential data is through unsecured WiFi networks. The accessing of company and client information via an unsecure and unencrypted Internet connection leaves your organisation vulnerable to a data breach, as hackers seek to exploit security flaws to access your sensitive data.
Your IT team should have set things up correctly from their side, but you need to look at your own WiFi router settings - look for a padlock icon to signify your network is secure. You should also ensure you have changed the default password given to you by your Internet Service Provider - these are commonly used and maybe known to cyber criminals.
Step 3: Update everything
Another common vulnerability is that software and devices are not updated - such as smart phones, laptops and tablets. Encourage your teams to upgrade their software to the latest version supported under the company's security policy. It's worth noting that some organisations lag the release schedule for Apple software, though most don’t. Where possible you should activate automatic updating on all your devices.
Don't forget device updates also apply to digital assistants, such as Alexa and other smart home applications such as light switches.
Watch the full video: '5 tips on staying secure when working from home' through our COVID-19 Risk and Security Hub.
Step 4: Don't share your work device
The use of portable laptops and mobile phones has allowed workers to be more flexible with where they work, making the shift to remote working much easier than it would have been only a decade ago. However, the flexibility that these devices bring all comes with an element of increased risk. If you lend your work devices to family members such as children they can, unintentionally, put your data at risk. It can get deleted by mistake or new applications can be added that aren't safe.
This can result in unexpected yet harmless outcomes - such as the example of the manager who joined a Zoom call with her team and turned herself into a potato! Or much worse, someone could accidentally install malicious software that might steal your data.
Step 5: Secure your confidential items
It's easy to forget that your home is not like an office where you can book a meeting room to have a confidential conversation, or where you can lock confidential files away securely. It's important to ensure you follow similar protocols that you would normally adhere to in an office environment. Find a quiet room to have confidential conversations where you cannot be overheard - young children could be listening in and unknowingly share confidential information on social media, so you should always be cautious.
The infographic below provides a quick reference for your teams to follow. If you'd like to watch our short video that provides more details on each of these steps, just visit our COVID-19 Risk and Security Hub.