With the global pandemic having devastating effects on our lives and businesses, it’s easy to forget the need for cybersecurity. Yet with millions of employees working from home and organisations having to deal with rapid change, opportunistic cyber-criminals are looking to exploit this period of crisis and change, making business security a bigger challenge than ever before.
As a general rule, employees are under more pressure and stress during a crisis and are more likely to make mistakes and compromises that could result in a security incident. This is especially the case with an increase in attacks from cyber-criminals taking advantage of the current situation with, for example, phishing emails purporting to be about the coronavirus. Google, for instance, have reported that scammers are sending 18 million Covid-19 related emails to Gmail users every day to try and persuade users to download malicious software, obtain sensitive data or donate to false causes. As such, just one employee clicking on the wrong sort of link could be the trigger that results in a widescale cyber-attack for your business.
This new territory does increase risk, but business leaders can take simple steps to bolster their cybersecurity.
1. Protecting accounts
Typically, a single-step log in procedure is an easy weakness for attackers to target. Businesses can combat this with multi-factor authentication (MFA). This requires staff to give an additional piece of information, for example a unique pass code, to be verified for log in. This extra security layer can be applied to most programs or applications, and serves to strengthen your barriers against cyber-criminals targeting passwords.
For additional security, businesses should encourage staff to install a password manager. This generates a unique set of credentials for every log in, with the original details subsequently encrypted and stored in a safe place. This enables strong password practices, defeating criminals who look to steal and share credentials.
These options should be suitable for any younger SME business seeking cost-effective solutions in a time of economic difficulty. MFA is often included in tools and services as a standard, and there are free password managers. Both budget-friendly systems work effectively to reduce the risk cyberattacks for employees, therefore boosting the overall security of the business.
2. Secure video conferencing
Unfortunately, the rise of new video conferencing software during lockdown has given way to a trend of meetings being crashed by third parties. Companies should take cautious steps with their video conferencing set-up to prevent this.
When setting up a meeting, be careful not to advertise it openly, and ensure that a password is required to gain entry. While the conference call is in process, the host should then monitor who joins the call and stay aware of attendees for the duration of the meeting.
3. VPN and tighter networks
Many cloud services use encryption by default, but that’s not necessarily the case for older applications that now need to support remote access. By utilising a Virtual Private Network (VPN) businesses can bolster their network security, by providing an authenticated and encrypted private tunnel.
Some of the burden also lies with the employees themselves. They must be vigilant with their own remote set-ups. For example, they should consider changing the passwords for their home routers to avoid the default credentials. It is also advisable for people to regularly conduct virus scans of their own machines, and ensure that all software is up to date.
4. Cybersecurity awareness
It is crucial that the entire team are vigilant, especially in such unprecedented circumstances. Employees should be trained in identifying threats, and on what’s expected of them in your internal security reporting process.
A company must communicate with its employees and keep them up to date on cybersecurity policy. Internal guidelines such as those covering BYOD equipment, and Acceptable Usage Policies, are important to maintaining a secure working environment, and a business should ensure that staff are informed and understand any updates to these.
5. IT team cooperation
Given the intense nature of transition and adaptation that the current climate requires, a business’s IT team will be experiencing high demand. This is to be expected given the vast number of technical obstacles there are to navigate when moving to a remote way of working. Suddenly the IT team is vital to your continued operation. You can ease the strain put on them by tempering unreasonable requests and installing a streamlined process for staff requesting their services. By grading IT requests on a scale of urgency, you can moderate the stream of demand on the team. The entire company must culturally buy-in to the system, therefore allowing the IT team to function.
IT professionals must also be trusted in a time of change. Pressuring them to cut corners of compromise on security processes in favour a quicker resolution should be avoided. If the IT team are resistant to a demand, there is generally a good reason for it.
6. Remote working culture
People working from home means a mental and physical adaptation to a new daily routine. This combined with the universal stresses posed by the coronavirus crisis, means that people may be finding their work-life balance more difficult than usual. Business leaders should consider that staff may be facing personal issues, and that certain collaboration systems could take longer in the new climate. Adopting a more flexible culture which allows for people to be comfortable in their new routine is vital to an organisation’s wellness.
Teamwork is crucial. If business leaders can support their staff, and the work-life culture is supportive, a company is better placed to move through this difficult period. By trusting IT teams and allowing them to install programmes and policies to improve cybersecurity, a business can look to maintain a smooth operation, despite all the changes. By implementing solid cybersecurity solutions, the risk of attack is reduced, and a company can concentrate on driving forward.
Scott Lester, Cyber Lab Manager, 6point6