In just over a year, businesses have adapted quite well to working from home due to the pandemic. However, remote working has also meant more businesses are needing to digitise their systems and operations. Any increase in digital capability and connection is also an increase in the risk of cyber and spam attacks.
Here’s 4 simple steps for businesses to stay cyber-safe.
The risk of WFH
According to the government’s Cyber Security Strategy released last year: “malicious cyber activity is one of the most significant threats impacting Australians.” Between 1 July 2019 and 30 June 2020, the Australian Cyber Security Centre responded to 2266 cyber security incidents.
A recent article by BBC News has also reported that working from home has increased our cyber-security risks with one IT boss saying: “We see tens of different hacking attacks every single week. It is never ending.”
“In the rush and panic to set remote working practices up, even simple data protection practices were ignored.” – Christine Sabino, Senior Associate at Hayes Connor.
When passwords aren’t enough
From some employees being sent WhatsApp messages from people asking for money transfers while pretending to be their managers, to hackers tricking people into downloading viruses and demanding ransom – it’s clear cyber-safety is more necessary than ever before.
Whilst it’s true that businesses have a better understanding of cyber risk than they did a few years ago, most employees have still not received any training on cyber threats or training on how to protect themselves against security breaches.
“It’s perhaps the most important time to pay attention to your online history, specially as everyone is using all sorts of digital tools to stay connected” – Mike Vasavada, Mobiddiction CEO
At Mobiddiction, we take a number of measures to ensure our systems and our team is as protected as we can be against cyber attacks.
We know it seems simple enough, but we cannot stress the importance of having secure and regularly updated passwords. They are your first line against cyber-criminals and must be taken seriously. Make sure employees don’t choose something that can be guessed too easily – so no pet names or favourite football teams. Of course it can be difficult to remember new passwords for all web accounts, that’s why we are big fans of 1Password, which manages your passwords over a number of accounts.
Mobiddiction tech director Iain also recommended enabling 2FA (2-factor authentication) where ever possible.
There are a few common forms of 2FA, with differing levels of security, but all of them are more secure than not using them. PayPal only offers SMS 2FA right now – which is perhaps the least secure common option because an “attacker” can call up your phone company and try to convince them to allow access to you account, or set up a new SIM (this happens way more often that you’d expect and is much easier than most people think) – so be careful. You can read more on keeping devices secure here.
2. Know the difference between fishing and Phisphing.
Fishing is the fun thing kids do with their dads. PHISHING on the other hand refers to fake messages that try to trick you into giving out your personal details.
As we mentioned earlier, anyone can fall victim to phishing and spam emails are becoming harder to identify. Spam comes in all shapes and forms, so it is important to stay alert. Employees should be aware of anyone asking for details such as DOB or bank account details etc. If anyone on your team does receive a suspicious message, they should not click on any links or open any attachments. As a business it is important to train your employees to understand these details and to ensure they report anything suspicious activity right away.
3. Update everything!
Yes we know it can be a drag, but making sure all employees are keeping their software up-to-date really is one of the easiest ways to protect businesses online.
These updates add new features, install bug fixes and fix security holes that could let cybercriminals in. Let employees know that they should not install third party software, unless you are absolutely sure it’s fine. Some programs can actually install applications that can hack into laptop cameras, so be aware. There are also safety measures your team can take when backing up their work and restoring files, whether that be to the businesses main system or the cloud. The Australian Cyber Security Centre offers some great step-by-step guidelines on their website, which is worth taking a look at.
4. Be wary of the Wi-Fi networks you use
Employees working from home may access sensitive business data through home Wi-Fi networks that do not have the same security controls (like firewalls) used in offices. As more connectivity happens from remote locations, it means businesses need to have a greater focus on data privacy, and hunting for intrusions from a greater number of entry points.
Anther point to remember is that it is completely understandable that working from home can be a bore, so many employees will find themselves wondering out to work at a cafe. However, unless they are using their phones for data, they are opening yourself up to the dangers of public Wi-Fi.
Without the right protection, cybercriminals could see confidential information, so it’s important that you try limit any activity that would require employees to send or receive sensitive information.
Our biggest piece of advice would be for you to update your current company cyber-security policy and take all the necessary to avoid being cyber-attacked as it not only causes damage, there are lot of obligations about data security and privacy for Employers too . If you need any assistance and advise on some of the tools and what has worked for us, we are happy to share. Please get in touch with our team at Mobiddiction.