As the Coronavirus pandemic continues to force many businesses into difficult financial positions, the threat of cyber security is often pushed to the back of owners’ and employee’s minds. However, with so many employees now working from home and using personal devices for work, the threat to businesses from cyber attacks and cyber criminals is on average far higher than it might have been previously.
In this article we explain some of the key risks to businesses that have increased due to the Coronavirus and some of the steps employees and business owners can take to minimise their impact.
Phishing attacks are all about social engineering, and the spread of coronavirus is the perfect opportunity for hackers to impersonate government bodies or healthcare institutions and exploit people’s fears and concerns about the development of this virus.
Some of the consequences of falling for one of these phishing scams are stolen passwords, compromised business emails and the downloading of malicious files onto devices which might lead to a ransomware attack.
During this time of uncertainty, hackers know that people are looking for advice and health information on the spreading of the virus. By impersonating sources that people trust, hackers know that the likelihood of someone clicking on an email is high. It is therefore very important to understand your staff's vulnerability to phishing and train them to detect these emails. Bewica's phishing training educates your staff on how to spot phishing emails.
Home networks generally have a wide variety of devices connected to them. In an office environment, the only devices you would likely have connected are smartphones, printers and laptops or computers. In a home environment, additional devices could include video-games consoles, security cameras, smart TV’s and IoT devices such as light bulbs and thermostats.
The more devices that are connected to a network, the higher risk of one of these devices having a vulnerability which allows hackers to gain access to your network. With such access, hackers could monitor your internet traffic and gain admittance to anything un-encrypted such as company emails and communication, and potentially even bank account details and login credentials.
If you think you have received a phishing email, it is important not to reply or click on any links. You should always confirm the identity of the person through another method of communication such as phone or company instant messaging. Never transfer funds using bank details provided over email without verifying them with the recipient over the phone. Bewica's phishing training educates your staff on how to detect phishing emails.
Passwords are the key to accessing all your data, therefore the use of strong and secure passwords is essential to ensuring your information remains confidential and safe.The National Institute of Standards and Technology (NIST) has proposed the following technique to create easy to remember, strong passwords:
Use passphrases instead of words. For example, memorise 3 words that are easy for you to remember, replacing some letters for numbers and adding special characters, which as a result will generate a hard-to-guess, but easy to remember password. Bewica helps you implement a strong password policy through our IT Policy configurator which follows best practice. A strong password policy gives guidance to your team to enforce the use of strong passwords which are more resistant to hacking attempts. You can also read our article on locking up your organisation with strong and secure passwords here.
Using 2FA on all your critical applications (email, messaging, banking etc) will help prevent your accounts from being hacked.
To find out if the applications or web services you use support 2FA, we recommend searching for them on https://twofactorauth.org/. Our portal subscriptions includes a tutorial on how to implement 2FA for your emails centrally, which is also a requirement to obtain the Digitally Aware certificate.
If you use Windows 10, you should make sure to turn Windows Defender on to be protected against malware in your computer.
Alternatively, you can use another reputed antivirus. Here is one source that tests the performance of different antivirus programs across operating systems.
Change the default name of your home Wi-Fi, change the default password to a unique and strong password and enable your Wi-Fi encryption (WPA2).
A VPN works like a tunnel, so every time you log in to an application your information will be encrypted.
See more recommendations regarding VPN’s on the NCSC website: https://www.ncsc.gov.uk/collection/mobile-device-guidance/virtual-private-networks
Aimed at a non-technical audience, our cybersecurity portal helps you prevent cyber attacks by reducing your risk by up to 80%. If you are curious about how our portal can help you stay safe from digital risks and the most common cyber attacks, start by creating your free account today.