Security While Working From Home Has Never Been More Important

hacked crop

In some areas of the UK, burglary has fallen by 37% as more of us work from home during the pandemic and shoplifting has fallen by more than 50% as fewer shops are open.

One of the few areas of criminal activity which has shown an increase in the UK is fraud, with Home Secretary Priti Patel, reporting at a recent Downing Street briefing, that losses for coronavirus fraud now stand at £2.4 million. There has been a major increase in the number of cyber-attacks since more of the working populations began homeworking. The National Cyber Security Centre (NCSC) has reported that phishing crimes are also on the rise. Cyber security has never been more important for UK businesses. Austen Clark, managing director at Clark Integrated Technologies, will be delivering tips to businesses on how to manage these risks during an online SCDI seminar in 14th May. Click here for more information.

Security for your business data is best used in a layered approach according to Austen; there is no single solution.

Businesses need to cover the basics and then look at how they can improve their IT and should be asking, “What is mission critical and you can we not do without?”

So how do businesses protect themselves, their workers and their IT while working from home?

Use secure passwords

It’s an old chestnut but password security and hygiene with regular changes is one of the best defences. As well as a secure password, firms should also implement multi factor authentication (MFA) where possible to access company resources.

Employees should use a unique password for each online service they access. It makes it very easy for criminal fraudsters to breach your security if individuals use one recurring password. Setting strong passwords for user accounts is a necessity. You can use NCSC guidance on passwords and review your password policy.

Also consider using a password vault. There are resources such as Lastpass which offer a free account to store your unique passwords.

Setup a secure VPN

Virtual Private Networks (VPNs) allow home workers to securely access your organisation's IT resources (such as email) and to connect into the office to access company information. If you already use a VPN, make sure it's fully patched and supports SSL access.

Advanced Email Protection

Email is currently at high-risk from cyber criminals.

These lawbreakers are preying on fears of the coronavirus and are sending 'phishing' emails that try and trick users into clicking on a harmful link. Once clicked, the user is sent to a hazardous website which could download malware onto your computer, or steal passwords. The scams may claim to have a 'cure' for the virus, offer a financial reward, or be encouraging individuals to donate.

Whether you run a business, charity or an educational establishment; we recommend that you use an e-mail filtering service that scans all e-mails for threats such as malware, phishing or impersonation. It’s especially important to scan attachments, if your staff are using their own devices.

Ensure your domain name systems (DNS) records are up to date – check your domain name using the tools – https://mxtoolbox.com.

Correctly configured sender profile framework (SPF) and authentication protocol DMarc records can stop spoofing your organisation’s e-mail domain.

Secure your device

Make sure that no one in your organisation ignores software updates - they contain patches that keep your device secure. Your organisation may manage updates, but if you're prompted to install any, make sure you do, and ensure everyone else does too.

Always lock your device when you're not using it. Use a PIN, password, or fingerprint/face id. This will make it harder for an attacker to exploit a device if it is left unlocked, lost or stolen.

Avoid downloading suspect apps. Only use official app stores (like Google Play or the Apple App Store), which provide some protection from viruses. Don't download apps from unknown vendors and sources.

Removable media

USB drives can contain lots of sensitive information, are easily misplaced, and when inserted into your IT systems can introduce malware. When USB drives and cards are openly shared, it becomes hard to track what they contain, where they've been, and who has used them. You can reduce the likelihood of infection by:

  • disabling removable media using MDM settings
  • using antivirus tools where appropriate
  • only allowing products supplied by the organisation to be used
  • protecting data at rest (encrypt) on removable media

You can also ask staff to transfer files using alternative means (such as by using corporate storage or collaboration tools), rather than via USB.

Need to know more?
Contact Clark IT for advice on how to keep your business safe from cyber criminals.

Contact Us