Cyber Security at home during Covid-19
One of the key measures to reduce the spread of Coronavirus COVID-19 is social distancing, which for many organisations means encouraging – or instructing – staff to work from home.
But moving at short notice from a trusted office environment to working remotely can create security risks. On top of this, nasty opportunist crooks are already using the coronavirus as subject matter for their phishing scams, hoping that the unwary will click through and hand over passwords or other data.
Awareness and preparation are both vital. These are our tips on how to stay safe online:
- Secure Wi-Fi connection. Most Wi-Fi systems at home these days are correctly secured, but some older installations might not be. With an insecure connection, people in the near vicinity can snoop your traffic.
- Fully updated anti-virus system in place.
- Up to date security software. Security tools such as privacy tools, add-ons for browsers etc need to be up to date. Patch levels should be regularly checked.
- Remember to back up periodically. All important files should be backed up regularly. In a worst-case scenario, staff could fall foul of ransomware for instance. Then all is lost without a backup.
- Lock your screen when you finish working. This will avoid any members of your household or family accessing files.
- Make sure you are using a secure connection to your work environment.
- Check if you have encryption tools installed.
Things employers can do:
- Provide initial and then regular feedback to staff on how to react in case of problems. Whom to call, hours of service, emergency procedures and how they evolve.
- Give suitable priority to the support of remote access solutions. Employers should provide at least authentication and secure session capabilities (essentially encryption).
- Ensure adequate support in case of problems. This may require setting up special rotas for staff.
- Define a clear procedure to follow in case of a security incident.
- Ensure that access rights and permissions are in place for all sensitive data
Covid-19 Phishing Attacks
It is important to step up awareness of digital security during this time as we have already seen an increase in phishing attacks. We recommend, as far as possible, to not mix work and leisure activities on the same device and be particularly careful with any emails referencing the coronavirus. Attackers are exploiting the situation, so look out for phishing emails and scams.
In the current situation, one should be suspicious of any e-mails asking to check or renew your credentials even if it seems to come from a trusted source. Please try to verify the authenticity of the request through other means, do not click on suspicious links or open any suspicious attachments.
- Be very suspicious of mail from people you don’t know – especially if they ask to connect to links or open files.
- Emails that create an image of urgency or severe consequences are key candidates for phishing – in these cases always verify via an external channel before complying.
- Emails sent from people you know but asking for unusual things are also suspect – verify by phone, but not the one in the email, if possible.
Sampson Hall are available to discuss any of your security issues, whether that be related to GDPR and Cyber Security or organisational issues. We are delighted to have a conversation especially during these challenging times and help wherever we can.
Share this post