It is being predicted that there will be a 30-40% increase in cyber attacks during the coronavirus pandemic as remote working increases. This leads to an increase in the amount of devices being used by employees to do their jobs. Unfortunately, cyber criminals are using the Covid-19 crisis as an opportunity to exploit vulnerabilities in networks, systems and social engineering. Experts from the National Cyber Security Centre have revealed a range of attacks being perpetrated online as cyber criminals seek to exploit COVID-19.
I have put together a quick guide of things to consider when working from home.
Emails and attachments
Be extra careful opening up emails and attachments if you don’t know where they have come from.
Phishing attacks are when an attacker fraudulently attempts to obtain sensitive information by disguising themselves as someone you would trust.
A ransomware attack is when the cyber criminal demands money in exchange for the data they have obtained.
94% of malware is delivered via email so we have to be extra careful not to open anything containing it. If an email looks suspicious, do not open the attachment.
Check where the email has come from. Depending on your email software you can often do this by double clicking on the recipient or hoovering your mouse over the recipient.
If you are making a transfer of money than please call and check you have the right bank details (especially if they are different from previously)
Our previous blog "Spotting email scams - what to look out for" goes into this in more detail.
Unsolicited phone calls
Working from home means we are most likely talking to more people on the phone. Please don’t share any bank details, passwords or personal information with anyone on the phone. Verify they are who they say they are by calling the number you have for them in your independant records, not any number they give to you.
Continue to choose and use a secure password, ideally generated through a password safe.
Where possible use two factor authentication for logging into cloud based systems, and do not share your passwords with anyone.
Continue to do software updates as soon as possible after release, and in any event within 14 days. Software updates are giving you the latest security features and protect you from a cyber-attack. 60 percent of breaches involved vulnerabilities for which a patch was available but not applied.
A virtual private network lets people remotely share data, as if they were connected to a private network. A VPN can help you work securely anywhere whilst still having access to all the systems you would use in the office.
If you don’t have a VPN set up, this can often be done remotely without a site visit. So if you're already working from home and can't access systems in the office, give us a call.
Although a lot of the above seems like basic measures, please check your business has an IT policy in place to guide your employees whilst working from home. It will help protect you over the coming weeks and months. The NCSC have also written a guide to homeworking, which is worth a read, and also check out our previous posts:
Protecting against a cyber attack - part 1
Protecting against a cyber attack - part 2
If you want to have a free non-obligation chat about whether you have all security measures in place for working from home, then please call 08008620095 or email firstname.lastname@example.org or complete a quick form and we'll get in touch.