Cyber-attacks have increased since the rapid implementation of remote working earlier in the year, with more staff being exposed as criminals use deceptive emails and websites to capture personal information for duplicitous purposes.
Here are some tips on how to protect your staff:
Notify them of the risk
With the pandemic causing an increase in cyber threats, internet providers such as Google and Microsoft are blocking millions of malware and phishing threats every day. While these measures provide some protection, it's essential that businesses keep up to date on the current threats and also inform their staff about what they may face. There has been a rise in emails purporting to come from the Government and the World Health Organization, asking for donations to support vaccines, offering information on grants and linking to alleged track and trace apps. All of these threats can be averted through early notification to staff, thereby protecting your network perimeter.
Teach staff to identify phishing attempts
Educating staff on how to spot a phishing attempt should also be part of your defence protocols. Cyber-security training is sometimes overlooked because there is an assumption that your anti-virus software will catch all the threats, but that is not the case. Staff need to be shown how to spot a different email address, a different website URL or poor grammar within a document, any of which could suggest a malware threat. Use examples of phishing emails to demonstrate what they look like, how they are worded and the other tricks criminals use to acquire information.
Use two-factor authentication and encourage strong passwords
IT departments need to enable two-factor authentication, which adds an extra layer of security, decreases the threat level by 80% or more and keeps business data safe.
Many people use the same or similar passwords across multiple devices, platforms and systems, which cyber criminals thrive on. IT departments should discourage the use of similar passwords and change the required structure of passwords. I have seen examples in which users have to input a string of text or a quote instead of the usual nine letters, one symbol, one number and one capital letter style of password that we have become accustomed to. By changing the rules of passwords, we change the parameters for criminals to break into our accounts. This change might seem like a hindrance for some staff, but the long-term protection outweighs that issue.
Update and upgrade your technology
Ensuring your technology controls are updated regularly is imperative to minimising the risk of exposing sensitive information to criminals. This is an essential time to update your anti-virus and anti-malware software and enforce key update policies on staff devices. The move to remote working and the distribution of additional IT equipment could potentially expose an entry point for criminals if the security software isn't updated regularly. Some businesses have moved away from software stored locally on devices and use cloud-based security platforms to centrally control and monitor any internet traffic to and from work devices and catch any phishing attacks before they infect the system.
Have a ‘security aware’ culture for your staff
Even with all the safeguards in place and staff being informed, phishing attacks may still break through the perimeter. Remote workers who might have accidentally fallen foul of a phishing attack need a secure method of informing IT teams about threats before they infect your data.
Creating the right culture backed up with the latest security technology can provide the assurance your business needs in these unprecedented times.