04 May Your Covid-19 IT security guide
As the coronavirus pandemic continues to develop, working from home for non-key workers is no longer optional: it is compulsory. The transition to full-time home working was sudden, and for many workforces it is a new and unwelcome change. Remote working presents many logistical issues for those companies that haven’t already bred it into their culture and, for many, the last few weeks have seen a flurry of identifying the right equipment, implementing collaboration software and generally learning to be indoors all the time. Is compromised security a consequence of coronavirus? The media have published a lot of articles warning of increased cyberattacks – the criminals are trying to take advantage of the coronavirus crisis disruption. Organisations are falling victim to cyberattack across the world: the US Health and Human Services Department suffered an attack on its computer systems a few weeks ago (source: Bloomberg) and online bookmaker SBTech had its sites taken offline by hackers over the weekend (source: iGB).
For SMBs, a survey (cited by TechRepublic) ranks cyberattack as the biggest data protection concern today. Employee awareness is key for the safety and security of any business. Educate staff regularly on what to look out for: particularly Covid-19 scams like spear phishing emails (what is this?).
The NCSC.gov.uk (cited by information-age.com) advises that “home workers must be careful to spot phishing scams -especially those using coronavirus at the moment to seem legitimate”. Use of Covid-19 in a spoof or phishing email is there to make it appear urgent, official, must-be-obeyed. And of course, no, it isn’t Businesses should give employees access to a virtual private network (VPN) so they can create a secure connection, and workers should be made aware of the risks of unsecure networks.
Good password hygiene is also vital. We would suggest that employees use a password manager to generate complex passwords and enable multi-factor authentication where possible. While much of the current focus is around ensuring that staff are secure, it is important not to forget about the organisation itself. Businesses should lay groundwork for employees by implementing the right security solutions.
Here are 6 tips on how you could handle your passwords:
1 Make them complex. People who use easy to remember or short passwords are inviting disaster. Use a little imagination and pick a password that is very difficult to attach to your life. Stay away from birth dates, phone numbers, house numbers, or any other number that is associated with your life.
2 Keep passwords unique. When you change your passwords, make them distinct from each other. Do not use the same password on all of your sites. If you do, then you are open to having every site that you have a password to being vulnerable to hackers – they will log on and steal your identity, money or destroy your reputation.
3 Be obscure. Use a combination of letters, Upper-Case and lower, numbers, and special characters if possible. The more you do this, the more secure your passwords will become. Create an alphanumeric version of a term you can remember. Using this technique the word “Spaceship” becomes “Sp@ce5h!p”.
4 Change regularly. This is the singular tip that can save you if you do not heed any of the other tips. How often should you change your password? How secure do you want to be? The frequency with which you change your password will determine how secure you are from becoming a victim. The more often you change it, the better you are. The longer you leave it the same, the more vulnerable you become. Three months is a good cycle for a password, but certainly if you fear for the security of your identity, then a monthly change is not out of the question.
5 Password-protect your PC. Be sure to give your PC a password on power-up. This will help protect your files if anybody attempts to access your computer.
6 Password-protect your wireless home network. If you use wifi at home, be sure to password protect it as well. Use the same principles above in order to secure your wireless network. This will prevent others from accessing your connection and using it to hack the personal or business computers you and your family use at home. Finally, there are password programs that can help with this vital task, but at the very least, heed the tips above – right away. Password software can be useful as an organisational tool, but is best used alongside sound methods to manage and make your passwords nigh-on impossible to crack.
Phishing emails – when an employee is tricked into revealing personal information or clicking on a malicious link – are used widely by cybercriminals. The Department for Digital, Culture, Media & Sport’s Cyber Security Breaches Survey 2019, highlights that of the 32% of businesses and 22% of charities reporting a cyber security breach or attack in the previous 12 months, 80% of businesses identified a phishing attack as the most common cause, and charities put the figure at 81%. In addition to phishing, there is vishing (with the fraudulent message conveyed via phone or voice message), and smishing (where text messages carry the criminal messaging), and pharming (which sees cybercriminals pointing to fake websites set up to resemble genuine sites).
Staff training, training, and more training is a vital weapon in the fight against cybercrime. But, one of the main problems with dealing with phishing type attacks is that it’s human nature to try and please and do one’s job well – and particularly when in a busy office environment, and if the request seems to come from a colleague, or the boss. So layering security services is essential. Just as cybercriminals are continually developing methods of attack, so the solutions and services from the security industry are continually evolving to counteract the attacks. Contact us now to find out how we can help you with advice that can keep your business safe both during this unique situation and in the long-term. An all-in-one cloud solution like Microsoft 365 Business can offer all the necessary productivity tools to support employees working from home, fully supported by advanced security features and protection against real-world threats. Microsoft 365 Business offers increased security options such as: • ‘Secure Score’ checking to monitor and improve your business security • Multi-factor authentication • Increased protection against malware in email • Spam filtering and anti-phishing functionality The full security benefits offered by Microsoft 365 Business can be found here. If you are using Microsoft 365, or another Cloud-based suite do check that you have ‘turned on’ all the relevant security features for your business. If you aren’t yet using Microsoft 365, talk to us today to find out how it can give you and your business peace of mind.
Stay safe everyone, if you need any advice on technology, IT or telecoms please reach out at ABCOM IT Solutions