CYBER SECURITY TIPS – FOR DIRECTORS
3rd June 2020
The rapid spread of COVID-19 globally has tested the IT competency of many businesses as staff work remotely during isolation or as a precaution. Unfortunately, not all are fully prepared for this rapid shift to remote working, and a good percentage of staff are already back in the office or due back in the coming weeks. The need to respond quickly to support normal business activity can leave businesses and their employees exposed to increased cyber risks.
For Directors, here are our 5 top tips to keep cyber safe online:
1. Provide adequate Security Awareness training and make staff aware of the dangers of phishing emails and sites
The vast majority of cyber incidents start here. Cybercriminals will be using the outbreak of COVID-19 to ‘phish’ for new opportunities to steal information or gain access to company bank accounts or invoices. Make sure your staff have proper training so they can defend themselves and your business from this kind of attack. Make sure your IT support/security team/supplier has taken all the necessary steps to secure you and your remote staff and extended your corporate defences around them.
Level up your knowledge and test your skills with this free cyber training session we have created. It will be available until Sunday 28 June 11:00 pm (GMT +1). You’re also welcome to share the training with your entire workforce and we can provide you with the results!
2. Check email encryption because you are a target
Directed and socially engineered phishing, known as “spear-phishing”, is much more likely to be directed at you during this time. Be extra vigilant when communicating and transacting. Email is especially vulnerable. Your email service may be secure, but built-in email encryption relies on both the sender and the receiver being capable of encryption (it’s called “opportunistic TLS”). Your email to weaker recipients may be intercepted, your writing style and email signature emulated, and your email domain spoofed. When communicating authorisation, especially financial, always follow up using a second form of communication (use an encrypted messenger or phone call to confirm critical emails, etc.).
A tool you’re welcome to share with clients and colleagues is our FREE email encryption checker, which focuses on a common weakness: unencrypted outbound emails. Simply send a blank email to email@example.com from your own business mailbox. Our autoresponder will reply letting you know of any weakness it finds in the communication. This information will remain private and secure. If your business mailbox is configured correctly you will receive a ‘STRONG ENCRYPTION’ response. Any other response will confirm any identified weakness.
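As an added illustration (not Riela's checker and not code from this article), the sketch below shows one way a recipient can see whether each hop of a received message used TLS, by reading the protocol keyword after `with` in its `Received` headers. The sample message, host names and verdict labels are constructed for the example.

```python
import re
from email import message_from_string

# Keywords registered for the "with" clause of a Received header.
# Those ending in S or SA (ESMTPS, ESMTPSA, ...) mean the hop ran over STARTTLS.
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.IGNORECASE)

# Constructed sample message: hosts and addresses are placeholders.
# The middle hop (sender's server to recipient's MX) fell back to plain ESMTP,
# which is what opportunistic TLS does when one side cannot encrypt.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with LMTPS id abc123;
\tWed, 3 Jun 2020 10:00:03 +0100
Received: from out.sender.example (out.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456;
\tWed, 3 Jun 2020 10:00:02 +0100
Received: from laptop.sender.example (laptop.sender.example [203.0.113.5])
\tby out.sender.example with ESMTPSA id ghi789;
\tWed, 3 Jun 2020 10:00:01 +0100
From: director@sender.example
To: check@recipient.example
Subject: test

"""

def hop_report(raw):
    """Return (receiving_host, protocol, used_tls) per hop, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its header, so reverse to get chronological order.
    for header in reversed(msg.get_all("Received") or []):
        flat = " ".join(header.split())          # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", flat)
        proto = WITH_RE.search(flat)
        keyword = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", keyword, keyword in TLS_KEYWORDS))
    return hops

def verdict(raw):
    """Summarise: every hop encrypted, or list the hosts that accepted plaintext."""
    hops = hop_report(raw)
    weak = [host for host, _, tls in hops if not tls]
    if hops and not weak:
        return ("all hops encrypted", [])
    return ("unencrypted hop", weak)
```

Only `Received` headers added by servers you control can be trusted; earlier ones are supplied by the sending side and can be forged.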
3. Know your cyber risks – Trust but verify
You will be relying heavily on your IT support/security team/supplier to do what is necessary to secure your data and your staff in this new paradigm. Weaknesses in your business’s defences may be more hidden now that everyone has been working from home, and as your employees return to the office in due course. Consider having a third party carry out a cyber security assessment or audit of those defences to make sure you are as safe as you think you are.
4. Review, update and test Cyber Incident Response and DRP
There has never been a better time to ensure your policies and procedures are fit for purpose. In recent weeks many may have been put into action for the first time, such as a working from home policy for all staff, or you may have found in practice that existing ones are out of date and no longer fit for purpose. This can include your Cyber Incident Response Plan and Disaster Recovery Plan. It is advised that they are regularly reviewed and updated; however, based on recent events it would be advisable to complete a thorough review as soon as possible to ensure they remain accurate and relevant. If you don’t have policies and procedures in place for cyber-related incidents or disaster recovery, our cyber engineers can provide the right guidance for you and your business.
5. Secure and centralise data
The more dispersed data is, the more likely it is to be compromised. So, at the end of the day, delete any locally-stored sensitive data you no longer need. Keep it stored in the centralised storage space your company uses. It’s difficult to ensure staff are following these best practices as well but there are solutions to enable this safeguard to be more second nature to all staff. If you would like free guidance and advice on how to achieve this within your organisation, speak to our team within our Group Company, Riela Tech via firstname.lastname@example.org.
Most importantly, if you’re unsure about anything security-related, check! This list is by no means exhaustive. Use further tools to stay secure when working from home and take precautionary measures when you and your workforce return to the office.
Riela Cyber comprises cyber security experts that can provide guidance, services and support to further protect your business from cyber-based risks. If your company could benefit from further specialist advice to protect your business please contact: