Reducing the risk of cyber attacks during Coronavirus
When the lockdown was announced on 23rd March, many employers across the UK had to act quickly in order to get their employees working from home. In some cases, this meant that there was little time to put in place the kind of security measures that would normally have been implemented if an employee had announced that they would be remote working. This, coupled with the lack of IT awareness training for some employees, has opened up vulnerabilities which are in danger of being exploited by cyber criminals. What can be done to safeguard organisations?
Many home-working employees are currently spending long periods online, using work equipment that is connected to their domestic broadband, usually via Wi-Fi. They are using this equipment for both work and leisure activities without the appropriate IT infrastructure, available expertise, inadequate data governance, a lack of risk management strategies and a general lack of preparedness being in place to support this form of working.
At the same time, cyber criminals are using this opportunity to take advantage of the lack of effective security and people’s fear of - or curiosity about - the coronavirus, to convince employees to click on malicious sites.
Reports show that more than 4,000 coronavirus related domain names were registered in the last few weeks, many of which are malicious, including one site that lures victims by persuading them to click onto a coronavirus tracking app that downloads a virus or trojan onto their computer. This then goes on to infect the organisation’s system the next time the employee logs on.
The sheer volume of phishing emails and other security threats related to coronavirus includes international gangs sending over 1.2 million malicious emails at a time.
Many organisations are discovering too late that the human factor is the weakest element in their cyber security chain, with poor training and ineffective enforcement of remote work policies leading to their IT security being compromised.
If they are to have any chance of surviving a cyber-attack during the coronavirus lock down, it is essential that organisations implement fundamental safeguards such as:
ensuring that staff are adequately trained on cyber security and the threats they may encounter;
restricting the use of work equipment to business-related tasks only;
requiring multifactor authentication for business apps and networks;
implementing robust VPN infrastructure; and
mandating employee use of private Wi-Fi networks.
Looking for more advice or guidance on this matter, or any other business-related issue?
rradarstation (link) gives you 24/7 access to guidance, videos and on demand webinars answering frequent questions and downloadable templates to use in the day-to-day running of your business, each written and verified by our legal professionals. You will find the answers you are looking for at rradarstation.