WFH Cyber-Safety Tips for Small & Medium-Sized Businesses
Posted on 23rd June 2020 at 10:29
Home working has suddenly become the new normal for millions of people in the UK, and for most larger organisations, the transition has been seamless due to their existing technology.
However, in a bid to swiftly relocate their teams and get back down to business, some companies may have left themselves exposed to security risks, particularly with the deluge of coronavirus phishing scams currently in circulation, simply by not having effective remote access and security policies in place.
The Iridium security practice, which, despite the recent upheaval for many companies, continues to conduct core assessment reviews, network security refreshes, O365 and other cloud-based implementations for its client base, has tapped into its 20 years of security expertise to share six instant checks and measures smaller business owners can implement, with immediate effect, to reduce their risk of cyber-attack:
Ensure your workforce is ‘cyber security’ aware — employees may have been provided with the company remote access policy when they were first appointed, but now’s the time to recirculate it, whilst reminding the entire team that it must be adhered to at all times.
Check the team’s security software, such as AV, anti-malware, spyware and automatic updates, is up to date — software updates do lapse. Whether working on personal or company laptops, you must ensure that everyone has good quality, and crucially, updated software.
Ensure your company’s collaboration and remote working tools are secure and up-to-date — certain collaboration tools have hit the headlines recently, not just for their increase in daily traffic, but also for security and privacy concerns. Make sure your remote workers are enabling their password settings, checking sender details when receiving files shared within videoconferencing tools and setting meetings to private.
Ask workers to think twice before clicking links in external emails — according to recent press reports, 80% of current scams, hacks and cyber-attacks are coronavirus themed, with many offering help, advice and even masquerading as HMRC and WHO, but it’s usually easy to spot a bogus message by taking a closer look at the actual email address. If in doubt, avoid.
Mobilise your company IT administrator – larger firms have entire IT security teams in place, but with many smaller to medium-sized companies, this responsibility often lies with the IT or admin manager. Ask the person in charge of your IT security to circulate a company-wide email instructing staff to contact them with anything that looks remotely suspicious — no matter how insignificant it may seem.
Don’t forget the basics — ensure you and your team only use trusted sources when seeking information in relation to COVID-19. It’s also worth reminding employees never to reveal personal or financial details — be it over the phone or in an email. Anything or anybody that asks for passwords, personal information or bank details should set those alarm bells ringing.
For longer term peace of mind, for all kinds of businesses, we would advise a current status assessment of your company’s security posture to identify any weak spots. We would then work closely with you to strengthen security, bring down risk, raise maturity and help to ensure you’re protected against the latest cyber security threats. Additionally, we would recommend a core network refresh and a review of your collaboration tools and technologies to allow all people to work from home both safely and efficiently.
Please contact Ben.Dainton@ir77.co.uk to discuss your security concerns or remote working requirements.
Share this post: