Reducing the risk of cyber-attacks during home working

With lockdown measures in place once more, although not quite as sweeping as the March lockdown, it means that many thousands of employers and employees are once again going to be working remotely.

During the first lockdown in March, many employers took the opportunity to reinforce their cyber defences and institute new protocols for employees using work equipment that is connected to their domestic broadband, usually via Wi-Fi.

However, not all employers were quite so assiduous and as we move into the second lockdown, staff may well still be using their work equipment for both work and leisure activities without the appropriate IT infrastructure and available expertise in place to support this form of working. Inadequate data governance, a lack of risk management strategies and a general lack of preparedness could contribute to cyber vulnerabilities.

It is also still a fact that cyber criminals are using this opportunity to take advantage of the lack of effective security and people’s worries about the coronavirus and its effects to trick them into clicking on sites that seem to be related to the virus but are in fact hotbeds of malware.

More than 4,000 coronavirus-related domain names were registered during the first lockdown, including one site that lured victims by persuading them to click onto a coronavirus tracking app that downloaded a virus or trojan onto the computer. This then infected the organisation’s system the next time the employee logged on.

The sheer volume of phishing emails and other security threats related to coronavirus includes international gangs sending over 1.2 million malicious emails at a time.

Many organisations discovered too late, that the human factor is the weakest element in their cyber security chain, with poor training and ineffective enforcement of remote work policies leading to their IT security being compromised.

Key to surviving a cyber-attack – either during the new lockdown or at any time in the future – will be implementing fundamental safeguards such as:

• ensuring that staff are adequately trained, restricting work equipment to business-related tasks only;

• requiring multi-factor authentication for business apps and networks;

• implementing robust VPN infrastructure; and

• mandating employee use of private Wi-Fi networks.