The COVID-19 Level 3 and 4 lockdowns mean that a number of businesses are working remotely and will have increased vulnerability to systems being attacked. Cyber attackers are implementing new techniques and tactics specifically designed to take advantage of the opportunities that the COVID-19 disruption presents.
Remote working also brings a host of cyber security related issues, so it’s important that everyone is aware of the risks and take necessary precautions. The attached remote working guide is provided by CERT to assist in setting up remote working.
With more and more people working from home Employees should also be considered a key part of an organisation’s IT security as they are often the first line of defence.
The following tips are for Employees working from home:
When working remotely, emails become an even more important communication channel. Cyber criminals are leveraging COVID-19 and there have been attempts to impersonate official health institutions to deliver malware. Do not click on any suspicious attachment or link before checking the legitimacy of the sender.
More vigilant about unexpected emails
Be extra cautious about suspicious emails when on your phone. If you were not expecting a particular email, ignore it and look at it once you are on a desktop computer. That way it is easier to hover over the links and check the ‘sent’ address.
Software and updates
Ensure you have comprehensive antivirus installed on any devices you are using for business and keep all software including your browser up to date. Software updates are not only about the new features but they usually contain essential patches for security vulnerabilities that could lead to data breaches or cyber-attacks. Activate automatic updates on all remote devices to deploy patches as soon as your provider makes new versions available.
Enable two-factor authentication
Systems that require access from the internet, particularly important ones such as work-related systems, email, or messaging apps, need to be protected. Enabling two-factor authentication makes sure that attackers cannot get in if they have guessed your password or stolen your details.
Avoid unsecured Wi-Fi networks
Use trusted Wi-Fi such as your home network, rather than a shared space Wi-Fi. Most Wi-Fi related security incidents occur at cafes. Public Wi-Fi can be compromised, and your phone may be susceptible to malware and hacking attempts, which allows cyber criminals to access Attackers can intercept traffic in public Wi-Fi using an attack called person-in-the-middle (or sometimes man-in-the-middle), where they read or change, the data you are sending across the Wi-Fi.
If you still feel you can be more productive in a public environment and choose to connect to public wireless networks, always connect to a Virtual Private Network (VPN) before connecting to the Wi-Fi. This creates an encrypted tunnel between your computer and your work’s network protecting the files and data you are accessing.
If you have to work in a shared area, be aware of who is around you and make sure people are not watching you enter information over your shoulder. When having a phone call, check who is within hearing range and avoid talking about confidential information. Keep your devices in your possession/ control at all times. If you have to step away from your device, lock it and make sure it requires a strong password to unlock.
Despite many warnings and thefts over recent years, organisations continue to leave laptops in exposed places from where they are stolen. The cost and time incurred to replace the laptop may be put down to a ‘frustration’ but the loss of important data, often of a confidential nature, may have severe commercial and reputational consequences.
Some simple loss prevention measures for laptops are:
- Never leave a laptop in a position where it can be viewed or easily accessed from outside a building
- Never leave a laptop in an unattended motor vehicle. Lock them in the boot wherever possible
- Retain the serial numbers in case they are stolen
- Do not leave laptops in any unlocked unattended places
Additional assistance can also be found at CERT https://www.cert.govt.nz/business/.
All Companies also should assess whether their current cybersecurity measures are enough to protect themselves against cyber incidents such as data breaches, malware attacks and ransomware. Where some areas may be inadequate it should be considered if you can boost your security with the support of a Cyber Liability insurance policy.
To discuss your Cyber Liability insurance needs please contact Matt Noonan. Matt has considerable experience in placing Cyber Liability insurances through a multitude of Insurers, for a wide range of entities.
To find out more, contact your local adviser or contact Amicus today.