By Paul Williams, Managing Director
With an increasing number of people working from home at the moment, we can expect an increase in the number of cyberattacks and scams. For many of us, the daily commute has transformed into a trip upstairs or to the dining room table, but it’s really important to ensure you’re still clued up about how to avoid potential cyberattacks.
I’ve answered some of the most common questions I’m getting through from clients at the moment.
Q. What sort of scams can we expect to see at the moment?
A. Pre-Christmas, we all saw the typical courier delivery scams, which tempt the unwitting recipient to click a seemingly genuine link to a malicious website and enter personal details. This all hinges on our disposition to panic under pressure – a delayed delivery prior to Christmas may mean disaster. This panic offsets our normal calm and collected demeanor. Our planned delivery is via DPD, so why is this email from UPS? Suspicions aroused; it doesn’t take long to realise this is a phishing attempt. The email is quickly marked as junk and deleted, preventing a different type of disaster.
At this time however, be prepared for an influx of emails masquerading as the World Health Organisation or from “@gov.uk”. Phishing emails quickly morph into contextual references, which is why it is so important to be alert to the ways in which cybercriminals may use the current situation to take advantage of people. It’s the same scam, re-skinned to allow the criminals to tap into our priority issues right now and bypass our normal rational thinking.
In order to give yourself the best protection against phishing attacks such as these, it’s vital that you and your colleagues have an awareness of cybersecurity and are alert to the possible ways in which email can be used as a threat against you and your business. Check out this infographic from the National Cyber Security Centre. It’s also worth checking you have up to date malware protection on the devices which are being used for business, at home. Your home internet router also needs up to date firmware and its password should’ve been changed from the manufacturer’s default, to be as secure as possible.
Q. What can employers do to help ensure cybersecurity when employees are working remotely?
A. While, understandably, many employers will be focused on continued service delivery and productivity, it is as important as ever to ensure that cybersecurity remains on your radar. Take time to regularly communicate security-related messages to your staff. Educate them on how to avoid, identify and escalate a potential security threat, embedding this within your workplace culture. Perhaps this is something that already happens within your business but if not, now is a perfect time to begin.
At this time, productivity and keeping the business moving may be the core focus, but don’t allow security to slip down the list of priorities. Your business maybe making use of hardware that hasn’t been pre-vetted or doesn’t comply with your normal rigorous security standards purely as you need your staff to be productive whilst away from the office. It’s good to be pragmatic at times like these, to strike the right balance. However don’t deviate from ensuring devices which connect to your network adhere to a basic security foundation, for example running a supported version of Windows 10 with up-to-date malware protection (Windows Defender is fine).
Business insurance which covers this fallout from this pandemic maybe unusual from smaller businesses, but it’s worth checking the small print and speaking to your insurer to see if you have appropriate business interruption cover. Likewise, given the higher risk situation we’re in, check your cyber policy wording also.
Q. What practical tips can employees use to improve their safe cybersecurity?
A. Be aware of the risks. Email remains the most common method of compromise for SMEs. As users of our employer’s IT environment it’s important end-users take advantage of any cybersecurity awareness training offered by their employer.
It’s also worth swotting-up generally. Take a look at the NCSC’s Stay Safe Online Top Tips for Staff online training module here.
It’s really important to be suspicious and understand how possible threats should be flagged and reported within your business. Good businesses open up the communication channels between their IT provider, department or person with IT responsibility and their staff, to ensure any and all potential breaches are reported and investigated in a timely manner. It’s not unusual for people to renege on telling colleagues that they may have fallen for a scam by clicking on that dodgy email link or entered their password or other details into a website they thought was genuine. Encourage staff to escalate any issues to the relevant person so that these can be dealt with promptly.
Q. How can I begin improving cybersecurity across my business?
A. Whenever people ask me this, my answer is always the same; keep it simple. Standardise your infrastructure so that everyone has the same protections and software in place. It’s also advisable to take advantage of the security suggestions and tools offered within your chosen platform.
As Microsoft Silver partners we advocate the Microsoft Office suite of tools and Microsoft 365 offers a host of security capabilities, including device management, conditional access and compliance tools. These are particularly helpful to those of us with small and medium-sized businesses, as they offer quality security systems and capabilities on a manageable budget. The extra protection these tools provide can go a long way to countering the threats we’re all exposed to whilst doing business online.