Covid-19 and working from home – how do I keep my business cyber secure?

As a nation we are conducting the largest remote working experiment possible. It will therefore come as no surprise that Covid-19 now potentially also poses the largest cyber security threat we have ever seen.

The National Cyber Security Centre (NCSC) has reported a number of coronavirus-related cyber security attacks throughout 2020.
Researchers from Barracuda monitoring global Covid-19-related phishing activity recorded:

137 incidents in January
1,188 incidents in February
9,116 incidents in March.

These have ranged from phishing attempts, malicious attachments and links and malware or ransomware strains.
Cyber attackers are looking to take advantage of people’s anxiety surrounding Covid-19 – the uncertainty in the coming weeks will inevitably be exploited by cyber criminals.
All this raises one simple question for business owners.

What can I do to ensure my business stays cyber secure?

Make sure your homeworkers are following cyber security best practice. The NCSC has issued detailed guidance to help with working safely and securely. It outlines recommended steps in:

  • Preparing for home working
  • Setting up new accounts and accesses
  • Controlling access to corporate systems
  • Helping staff to look after devices
  • Reducing the risk from removable media.

What other measures can I take to make sure my business stays safe?

Some security measures can be taken immediately. Other processes will need to be continually monitored. A few of these are as follows:

Make use of a VPN. Using a VPN on a PC, laptop or mobile device creates an encrypted network connection. This will increase security of data for employers whilst employees can still access their work IT resources.
Update your cyber security policy to cover remote working and ensure that your insurance policy provides adequate cover. Given that we are unsure how long employees may be remote working for, it is important that your business has an effective cyber security policy in place. This will need to consider protections covering remote access, employee use of personal devices, and updated data privacy considerations.

Ensure your work network has tight security provisions, being sufficiently patched with sufficient security configurations.
Provide sufficient guidance to employees in spotting and reporting suspicious activity, such as Coronavirus phishing campaigns. Communicate updated advice regularly to employees to act as reminders.

Your specific industry or sector might have particularly applicable compliance rules and regulations in relation to the handling of information and work product, so ensure that adjustments to working practices, like remote working, that you are having to implement, do not result in compromising adherence to those rules and regulations.

Robert Krug, network security architect for antivirus software giant Avast, says simply: “computer viruses can spread just as easily as human viruses”. It is more important than ever to remember we are all responsible for ensuring the security of our personal data and our employers’ data through monitoring the safety of our devices.

For more information, please contact Nicola McNeely, Partner, Head of Technology Sector, Harrison Clark Rickerbys.