Could working from home introduce new cyber risks to your business?
During the coronavirus crisis, businesses have been working exceptionally hard to get their people working from home as quickly as they can – often in stressful and challenging circumstances.
Unintentionally, these actions could have increased the risk of cyber threats to your business.
No matter how big or small a company you are, you want to make sure that people are as safe online as they are when physically protecting themselves against viruses. Unfortunately, working from home is wrought with potential cybersecurity issues.
How can you mitigate the risks of data being stolen, passwords being hacked, systems being hijacked, or other cyber risks? Or even just make sure your employees are working as effectively as they can be?
Here are some issues that could arise from people working at home when they don’t normally – and how you can help them to secure their working environment against cyber threats in these unprecedented times.
By doing so, everyone can continue to work as normally as possible until the threat of coronavirus subsides.
The threats spelt out
Physical theft might decline during the current coronavirus pandemic, with members of the public confined indoors for long periods of time. However, the threat of online crime is only likely to increase with more and more people hitting the internet all day, every day.
Here are some of the main things to consider when it comes to protecting your staff and your business online:
1. Home network security.
How do you know your employees have good security on their home network?
Here are some hints and tips on protecting a home network:
- First off, make sure they have changed the password (from the default one supplied) on their router. Follow these instructions on how to do this for BT, Virgin, TalkTalk or Plusnet. Other providers have instructions to follow online, but if in doubt, your homeworker can contact their broadband provider to ask for advice.
- Do they have a hardware firewall installed on their router? Software firewalls on devices would be recommended anyway, but hardware firewalls provide an extra level of security if enabled.
- Ensure that the Wi-Fi password on their home router is sufficiently strong enough – a minimum number of characters, and a minimum level of complexity.
- Aside from devices used for work, what other devices do they have connected to the network? Are those devices secure, or do they have no password (e.g. a coffee machine, a washing machine)? Believe it or not, devices like these can be hacked to silently allow control of a home network – so they are worth pointing out to homeworkers as a potential security threat.
- Get homeworkers to change default passwords on all devices where possible, and make sure they are suitably strong (long enough and complex enough not to be easily guessed). It’s worth doing for their own security, regardless of whether they are working from home or not.
2. Using personal devices.
- If people are working on their own PC, laptop or iPad, make sure they have updated their operating system software (e.g. Microsoft Windows, Apple iOS) on a regular basis. Security patches are crucial for avoiding common exploits on PCs.
- Ensure that they have appropriate, trusted antivirus software installed. Free antivirus software is available from the likes of Avast, Avira and AVG, but it’s also worth looking at the likes of Norton, McAfee, Kaspersky, Sophos, Symantec and other paid-for software.
- Ensure software firewalls are turned on. Microsoft has an in-built software firewall in supported versions of Windows, and some of the antivirus providers listed above have optional firewalls and other security tools.
3. Scams - from phishing campaigns to homeworker scams
Common threats include:
- Phishing emails. This includes emails asking users to login to accounts, such as their Microsoft Office 365 account or another trusted service they use for work. Make sure workers are on their guard. Let them know that they should never give out work username or password details to anyone. Get them to check the email address they have received the email from carefully, and check for grammar, punctuation or spelling mistakes.
- ‘Vishing’ and ‘smishing’ – these are similar to phishing emails. They are voicemail or text messages designed to sound/look like they are from legitimate official sources (e.g. banks or HMRC). Ensure employees are on their guard for these, and again, make sure they don’t volunteer any information.
- Financial crime and ‘CEO fraud’. These are emails circulating that look like they have come from an internal employee, such as a Finance Director or senior management member, allegedly authorising large payments to be made. There are tell-tale signs (such as slightly misspelt email addresses, grammar and style, punctuation, email signature changes) that everyone should look out for – especially staff working in finance or accounts departments that are now working from home.
- Homeworker scams. Largely targeting workers in the ‘gig economy’, these ask for personal information and payment up-front to join a work scheme. Personal details and money are stolen in these circumstances, without any actual work being offered. Freelancers are particularly susceptible to this threat and should look out for legitimate sources of work and research the company offering work before parting with any details or money. This threat is only likely to increase with more people looking for additional work while at home.
4. Homeworkers or members of the public stealing company information
Most employees are trustworthy, but some will see this as an opportunity to profit from being ‘out of sight, out of mind.’ Equally, cybercriminals accessing devices might steal information from your software systems if they can control a device that is connected to them.
Avoid this by:
- Recording any activity or interaction with crucial software systems (e.g. your CRM software)
- Getting users to connect to a company VPN service, so all traffic can be monitored and secured. This will also protect resources on your company network.
- Getting your IT department or consultant to lockdown services so data can’t be exported or saved to local computers, USB pen drives or other physical media.
- Having a digital record of what employees do, to help you to protect your company’s assets and intellectual property.
5. Laptops or other equipment being physically stolen.
If people are using their own equipment, theft remains an ongoing concern. As the situation with coronavirus changes and life gets back to normality, physical theft is a concern if company information is on any device.
If staff using company equipment, you’ll also want to make sure it is returned to you when people return to their normal working environment.
- Make sure any device has a lock screen enabled and a secure password on any account needed to unlock the device.
- You can encrypt PCs and laptops using Microsoft’s Bitlocker software, which works on certain Windows 10 devices, for example. Or you can use other tools such VeraCrypt for the same purpose. This will stop unauthorised access to data on the hard drive of a device that is stolen.
- Physical locks such as a Kensington lock can stop a device being stolen from a shared workspace.
- Ensure you have an inventory of any business devices leaving your premises before homeworkers take it with them or have it delivered to their home address.
Protect against the risks
While these hints and tips can give you an idea of some of the issues your business might face with users working from home, they are only part of the rapidly changing cybersecurity landscape.
We offer cyber liability insurance to help protect against some of the threats mentioned here, and in times like these, it is worth considering the financial impact on your business if data is stolen or systems are hacked.
Bollington wants to protect all businesses wherever we can during these exceptionally challenging times. If you would like advice on protecting against cyber risks with insurance – an ongoing threat that has only become more prevalent in the current circumstances – then please give your account manager a call.
We’re here to help and assist, especially where businesses will not have encountered staff working from home before. Do feel free to get in touch with us if we can help you in any way.