In the rush to get everyone set up and ready to go, it’s understandable if you have forgotten about one vital aspect of homeworking, i.e. cyber security.
At Blue Rock, we are here to assist you with all cyber security matters. We can provide training and advice for your employees so that they are knowledgeable about the cyber threats which they may be exposed to while they are working remotely.
We can also work with you to develop your information governance procedures and processes, so that your people are clear on what they can do, what they can’t do and what they need to do to best protect your company’s data.
In today’s blog, we are happy to share some advice with you. However, if you need more assistance, please get in touch with Blue Rock’s Managing Director Lorraine Mills, email@example.com
- Use complex passwords
It’s more important than ever to make sure that all user accounts are protected with complex passwords.
If your people are using the same password across multiple accounts (for example, their Facebook profile and their workplace network login) then there is increased risk of a hacker being able to gain access to your network and steal your data.
Passwords should be unique for every account – particularly for your business accounts – and should include upper and lower case letters, numbers and special characters.
At Blue Rock, we can train your people on easy ways to remember complex passwords. We can also employ white hat ‘ethical hacking’ techniques to uncover any password weaknesses across your organisation. That gives you a focus to strengthen these passwords so that it is more difficult for hackers to crack them.
- Set up two-factor authentication
Having a complex password may not be enough if, for example, your credentials have already been leaked in a data breach without your knowledge. At Blue Rock, we can tell you if this is likely to be the case and can advise on what to do either way.
Two-factor authentication/verification involves adding an extra step to your network log-in process, thereby adding an extra layer of protection. The extra step could be responding to an automated e-mail or text message, or else it could involve a biometric confirmation method such as facial recognition or a fingerprint scan. It also may involve asking your users to key in a unique pin number from a USB or security fob device.
Whatever solution is best for you, we can provide advice and can help you to implement the technology across your environment.
- Change the password on your router
It’s worthwhile asking your employees if they remember changing their home router’s password when they first installed it. If they didn’t, or they don’t remember, then they certainly won’t be alone. It’s important to remind them that they should take steps to protect their home network in order to prevent cyber criminals gaining access to their connected devices.
Changing their home router’s password is a good first step, but there are other actions they can take. For example, they should make sure firmware updates are installed so that security vulnerabilities can be patched.
- Install updates regularly
Updating software and apps can be a pain. However, it’s important that your people action these updates as soon as they become available to make sure they are not exposed to any new vulnerabilities that have been discovered.
The good news is that your team will often be able to schedule updates so that they take place automatically overnight, so there doesn’t need to be a slowdown of productivity during the daytime.
- Back up your data
There are lots of different ways in which your data can be lost (e.g. human error, outright theft, physical damage or through a cyber-attack) which only hammers home the point that it is vital to have a reliable and robust backup strategy in place.
While hardware backups are still an option, one of the most convenient and cost-effective ways to store your data is in the cloud. We can provide advice on this area, in partnership with NVT Group.
Ask us about the Viia private cloud platform, which you can adopt as a complement or alternative to your existing backup solution. Viia offers you greater control over where your data resides – incidentally, Viia’s UK data centres are all located in the UK – plus there are no data ingress or egress charges, meaning you only pay for the space you need in the Viia cloud, for as long as you need it.
- Stay vigilant and be aware of phishing attacks
One thing which can be said about cyber criminals is that they are opportunistic. Thus, with the sharp rise in the number of people who will be working from home in the coming weeks, there will certainly be crooks out there looking to capitalise on the situation. So it’s highly likely that phishing emails will target remote workers in a bid to steal their personal information or gain access to company accounts.
Naturally, it’s easier to spot a phishing attempt if you know what to look for. Your people should double check the sender’s email address to look for any obvious inconsistencies. Also, they should keep an eye out for poor spelling and/or grammar in the subject line and email body. Be extra vigilant when checking email addresses that they are exactly what you are expecting, an example of techniques that are used by attackers. If for example you are expecting an email from firstname.lastname@example.org and the email arrives from email@example.com then this shouldn’t be opened. This technique is commonly used by attackers.
A great tip is to use the mouse to hover over any hyperlinks, so that the URL can be seen. As a rule, if anything doesn’t look 100 percent right, it probably isn’t – and if you’re unsure whether or not it’s safe to click, then please don’t.
Sky News has already reported malicious phising emails posing as communications from the World Helath Organisation. These are being sent with embedded hyperlinks, purporting to be important updates regarding the virus, which when clicked lead to the device being infected with malware.
The UK’s National Cyber Security Centre(NCSC) has stated: “Individuals in the UK have been targeted by these coronavirus-themed phising emails, with infected attachments containing fictitious safety measures.”