Sadly, cyber criminals have seen the pandemic as an opportunity to be exploited with reports suggesting as many as 6,000 cases of Covid-related fraud and cyber-crime have been reported during the pandemic.
We are all well aware of the changes to normal working practices seen over the last year with more people than ever working from home. And the rapid increase in those working from home outside of the normal security of the office environment has presented further opportunity to cyber criminals.
What is the risk of Cyber Crime to remote workers?
A number of factors increase the risk of cyber-crime amongst remote workers such as:
- Use of personal devices to carry out work
- Feeling disconnected from the IT team – not having anyone to ask questions or consult when unsure of something security related
- Not being trained on or aware of cyber security policy
- Not adhering to IT security protocol
- Increasingly being targeted by phishing emails
This is particularly true during the pandemic. Cyber criminals have deliberately sought to exploit people’s fears and anxieties about COVID-19 as well as the demand for information with the number of phishing emails and malicious websites relating to Coronavirus increasing.
What is the current work from home guidance?
Work from home guidance was first introduced one year ago, and despite a short-lived push to encourage people back to the office in the summer of 2020, work from home remains the key advice today.
Under the current lockdown, going to work guidance states that you ‘may only leave your home for work if you cannot reasonably work from home’
The 4 step roadmap for easing lockdown also continues to advise people to work from home where possible. In fact, Steps 1, 2 and 3 see this advice maintained. The full lockdown easing roadmap states that a review into social distancing which is to be completed ahead of Step 4 (no earlier than 21 June) will inform guidance on working from home. And that people should continue to work from home where they can until this review is complete.
Why now is a good time to check your remote working cyber security
Now that we know people are going to be encouraged to work from home well into the summer, now may be a good chance to sense check your remote working cyber security policies are continuing to being adhered to and that they are working well.
The National Cyber Security Centre (NCSC) have a cyber security guide for small businesses and a guide for working from home amongst other valuable, practical information for improving your cyber security so it is certainly worth taking the time to familiarise yourself with this advice.
Some areas to look at when reviewing your remote working processes and procedures include:
Check employees continue to make use of company provided devices
These will offer the highest level of security as you will have had chance to configure the device and ensure that it complies with your company IT policy. Personal devices have fewer controls on them and are more likely to be shared amongst different members of an employee’s household potentially increasing the risk of cyber-attack.
Ensure staff are using your VPN
Virtual Private Networks (VPNS) allow remote workers to securely access to your businesses IT systems such as emails or files through the use of encryption.
This should be the only way staff can access your IT systems when working from home to maintain security. Do take a look at this guide to VPNs from the NCSC for further information if you are thinking of setting up a VPN.
Remind employees of the importance of good password management
All new accounts that you set up for employees should have strong passwords attached and the default password changed. Where possible it is advised that you set up 2 factor authentication for added security.
Remind employees not to use the same password for all of their accounts, not to write passwords down or to share passwords with other employees. All employees should have their own account and password for all systems that they access.
Make all software updates
Software providers regularly release updates to patch any possible vulnerabilities. Make sure these updates are made across all of your devices as soon as possible when they are released to avoid giving cyber criminals an easy way into your systems.
Train all staff of your cyber security policy on a regular basis
Firstly, make sure that you have a focus on cyber security and have a formal cyber security policy in place for your business. Keep up to date with cyber trends and possible risks that may impact your business this year.
Your policy should provide clarity about what is expected of employees when it comes to data security and use of company systems and applications.
Train your employees on your policy regularly and make sure they have easy access to it. Your training should also educate employees about the responsibility they have when it comes to maintaining cyber security for your business. Make sure staff feel comfortable to question when something doesn’t seem right.
Look to the long term
Even once the effects of the pandemic lessen and life returns to ‘normal’ many businesses expect to continue to offer employees the chance to work from home, whether on a full or part time basis. So, getting your remote working set up correct and ensuring all employees can work securely from home will put your business in the best position to embrace the working patterns of the future.
If your business has changed the way it works during the pandemic – either through an increased number of staff working remotely or through setting up an online presence to allow you operate whilst physical shops are shut, you may need to review your insurance needs. You may now have a need for cyber insurance or need to extend your small business insurance to ensure you have sufficient cover for home workers. Chat to one of our friendly advisers at Anthony Jones today if you have any questions about your changing insurance needs. You can get in touch on 020 8290 9080 or email us at firstname.lastname@example.org.