Protect your firm from cyber crime

There’s a false sense of security that comes from working at home all day (and assuming that all those around you are doing the same). We’re all in this together, we think as we see our neighbours eating breakfast with their laptops open in the flat opposite.

But there’s one subset of society that isn’t in this with us. One that’s leveraging the pandemic for their gain. And that’s cyber criminals. It’s estimated that cyber attacks have increased by 667% since the beginning of March.

I caught up with our security lead, Dave Wilson, to find out why this has happened, what the main risks are and what businesses can do to protect their data and their people.

Dave, what do you think is the biggest risk facing businesses right now?

There’s three key things, but I’ll talk about phishing first.

Employees are stressed and frazzled, therefore less vigilant. And people are being required to transfer sensitive information to access grants, loans and benefits they so desperately need right now. We’re receiving messages from the government, our supermarkets, banks and many other businesses about their response to COVID-19 on a regular basis. This creates a prime opportunity for cyber criminals to steal data, login details or credit card information through a phishing email or text.

The most common attacks include brand impersonation emails or social engineering, where a criminal pretends to be another person in your organisation. If they’re successful, they could gain access to the personal and financial data of your team, your business or, perhaps the most damaging, your clients.

So what’s the best way to protect against phishing?

It sounds simple, but this is all about internal education. Businesses should be taking the time to educate themselves and their teams on what a phishing attack could look like and the actions they should take if they receive them. They can be incredibly sophisticated these days and even the most savvy of employees could be fooled.

Okay, so that’s phishing. What else do we need to prepare ourselves for?

Well, due to the very rapid shift to home working, a lot of workers will be using personal devices. These devices most likely haven’t had the IT hygiene check that a business device would have, making them more vulnerable to malware. In some cases they could already have it installed.

And don’t forget about phone lines. A voiceover IP service is highly recommended so that your team don’t use their personal phone numbers. This puts them at risk of giving out sensitive personal data to those they’re calling. If an individual or organisation has their phone number, name and place of work, it doesn’t take much imagination to think of the damage that could be caused with that.

And what does an IT hygiene check involve?

Here’s a basic checklist that might be helpful. I suggest going through this list with each team member:

  • Switch on your computer’s built-in firewall
  • Use a private or home network (not a public network) to access the internet. If you’re unable to access a home network right now, tethering to 4G is another secure option.
  • Ensure antivirus software is available and used
  • Make sure all regularly used software is up to date
  • Add a VPN for an extra layer of security

So does that mean it’s okay to use a personal device if an IT hygiene check has been carried out?

I would always recommend using a business device where possible.

Anything else we should be aware of?

Yes. Something that is often overlooked and that’s the increased risk of physical burglary. Opportunistic thieves will be all too aware that many people are working from home with expensive business devices and leaving the house for exercise and/or food shopping each day. It’s important to be extra vigilant, so keep devices out of sight of accessible windows and lock your doors.

Also, take this opportunity to check in with your team early and often. Take time to evaluate your systems and the gaps in your processes that may be highlighted. Times like these provide an ideal opportunity to learn about your business and its cyber security approach.