13 May 2020
Managing business cyber risk when working remotely
As we move down the scale of alert levels, people will begin to return to the workplace in some form of normality. However, in order to comply with social distancing at work, many businesses will still need to have some of their staff working remotely.
Unfortunately this provides perfect conditions for cyber criminals to take advantage of the opportunities that Covid-19 disruption presents. Unlike many businesses at this time, cyber criminals and their business models are thriving, with Covid-19 for cyber-crime likened to the holiday period for burglaries.
So, what can you do to ensure your business remains as secure as possible?
Below are some simple steps you and your employees can take to minimise risk, and help to ensure that your systems remain operational and you protect your clients' data and your own data from loss or exposure.
Protecting against phishing and other social engineering attacks
Remember that technical defences, while good, can’t fully protect you or your business. Attackers know that employees are often a weak link in security and will most often target them.
- Beware of unexpected multi-factor authentication requests if you use this form of security. If you receive a request to approve a connection you did not start, do not approve it; check with the source (via an alternative channel) and report it.
- Don’t click on unknown links or open attachments.
- Beware of emails that relate to breaking news or other urgent messages that entice you to act now.
- Visit only trusted websites for information on the pandemic. Beware of sites advertised in social media posts or sites luring visitors through urgent or inflammatory messages.
- Don’t allow family members to use your company equipment for personal use, which can expose the system to unexpected browsing activity.
Sharing data and collaborating
- For internal and external collaboration, conferencing and file sharing, only use company approved file-sharing and collaboration tools.
- Don’t email data to personal email accounts or transfer data to unapproved portable storage devices (for example, a USB memory stick).
- Don’t email unencrypted sensitive data to external parties. If you send an individually encrypted file, secure it with a strong password, and do not send the password by email.
Protecting data on remote networks
- Use secure, known networks including a company-provided VPN wherever possible.
- If you or a family member has the technical ability to do so, ensure your home Wi-Fi router is protected with the WPA2 or WPA3 encryption setting; ensure your router/modem and internet service provider (ISP) portal are configured with a strong, unique password; and enable software updates for all routers and modems.
- Ensure all software is up to date; automatic updates can be turned on in the general settings area of all laptops and PCs.
- Ensure critical business data is backed up, stored and easily recoverable; using external or cloud-based service providers is the safest practice.
- Ensure your staff are trained and aware of cyber risks.
We’re here to help
One of our core responsibilities as a broker is to ensure you have all the information you need to make informed decisions about the risks your business faces. With the effects of coronavirus being felt in a number of ways by our clients across the country, we wanted to share some advice to help you protect your business during this difficult and unprecedented time.
We hope you find the information above helpful. If you have any questions or would like to speak to us regarding cyber insurance, please talk to your broker.