COVID19 has created a significant amount of change and upheaval to businesses globally. To add to the complexity, most companies have been forced to adopt remote working policies to help ensure the safety of their workforce, even if they didn’t previously have the capabilities. During these tense times, many businesses have had to cut costs wherever possible.
However cyber criminals are not reducing their budgets any time soon. There has been a huge increase in the volume of attacks – 51% of organisations have been impacted by ransomware in the past 12 months, with 82% of organisations experiencing downtime from an attack. The time to be lax about cyber security is certainly not now.
Cyber attackers regularly exploit times of confusion or global issues to conduct cyber-attacks and email phishing campaigns. They assess how well organisations secure their networks to identify vulnerabilities in infrastructure and defences, which they use to improve attack methodologies. With so many people over the world working from home, more security is needed as employees use less secure networks from home.
So, what are T-Tech’s key takeaways in protecting your network from security breaches?
With employees working remotely in unprecedented numbers, potentially exposing their business to greater risk, cyber resilience strategies along with cybersecurity awareness training will be critical to keeping the business operating efficiently.
One of the biggest causes for falling prey to cyber-attacks is people; if an employee unknowingly opens the door to cyber criminals by clicking a phishing link then its game over. Introducing monthly training is the easiest way to teach staff about the risks and cyber-attacks and how best to spot misleading emails.
Sending regular emails reminding staff of examples of threats will educate your staff on best practice, and what to be aware of. Only having best in class security malware is just one part of the solution.
Enforce strict password policies
Re-using the same password is a common thing to do, yet a major security risk. For example, if a cyber-criminal manages to obtain Tom from Payroll’s Sainsbury’s online shopping password through a phishing attack, they can easily use this password to try and hack his online banking and other accounts. What if Tom uses this same password for his work payroll system?
T-Tech top tips:
- Make sure passwords are complex, using all special characters, numbers, caps
- An expiration schedule will ensure users have to change them regularly
- Create a rule so users can’t set the same password more than once
- Add restrictions to lock an account after a certain number of failed login attempts
- Enable two-factor authentication
Test the resilience of your networks
Penetration testing is a great way to test the resilience of your own networks. Pre Covid19, Infrastructure Penetration Tests are usually conducted by internal IT teams or an external consultant to assess how well your network can defend itself against hackers. Usually in the office, you are connected to one secure network, yet when remote working, every employee has their own independent WiFi connection. This means that employee’s vulnerability is much higher. Obviously it isn’t feasible testing each individual’s network. But there are other things you can do to stay cyber resilient at home.
T-Tech’s top tips:
- A VPN (Virtual Private Network), while useful for online privacy, can also protect your traffic from being intercepted by hackers. This virtual internet tunnel encrypts your internet traffic to ensure that any data shared with your company’s network are safe from attackers.
- Keeping work data on your work laptop - If you have efficient IT help available to you, they will most likely be installing regular updates, running antivirus scans, and blocking malicious sites. There is a high chance you have not followed the same protocols with your personal computer. This is generally less safe for work because it could be compromised by a third party. So if you have a personal machine, make sure you are not using it to store confidential work files too!
Before it’s too late…
The approach to cybersecurity needs to evolve as we see cyber-attackers are taking advantage of even the biggest businesses during this uncertain time. Low level security defences are no longer good enough; businesses need to be thinking about how to protect themselves now and in the future. Cyber-attacks are becoming more intricate and complex, so even if you start with changing your companywide password policies, the urgency for change needs to be recognised and acted upon.
Join the discussion.
We are running a Cyber Security Webinar on what is happening to businesses right now in the UK surrounding security and hacks. Sign up for free and hear from a Cyber Griffin and Met Police representative about the impact and reality on your business.