Recent government restrictions to help prevent the spread of Corona Virus/COVID-19 may have paused our usual daily activities but cybersecurity threats, unfortunately, are not on pause. In fact, there has been a rise in malware attacks such as phishing. With many of us (including our team at MDRB) working from home, outside our secure company networks with spam filters etc, additional caution to protect your data has become more important than ever.
With help from our IT providers at Radius, we’ve implemented a wide range of IT and Data Security procedures here at MDRB to allow us to fully offer our services securely and above all safely. These cybersecurity tips for staff working remotely below are what we’ve learned before and during the transition.
Secure your home network
The first step in helping to prevent any cybersecurity threats is to make sure your home network is secure. Ensure that your wifi network is encrypted. Do you have a password set on your router? If not, this is your first step. If you have a password set on your network, is it the default password? Default passwords for routers are a weak link that an attacker can use to their advantage. Make sure to change this and make sure it’s not a generic password.
Use a VPN
A Virtual Private Network (VPN) connection is a popular method to connect securely to your work network. A VPN secures and encrypts your web browsing and remote network access by creating a secure virtual tunnel between your laptop and your office server for example. With a VPN, no one can intercept your data while using an internet connection. When using public WIFI or an unsecured wifi network, you should always use a VPN.
Use 2FA (2-Factor Authentication)
Multi-factor authentication or Two-Step Authentication (2FA) is one of the most effective ways to prevent unauthorised access to your computer and online services. 2FA provides an extra step in the login process, so if your password is hacked, they will need your extra authentication step to access your device/information.
Multi-factor authentication can use a combination of the following:
- something the user knows (a passphrase, PIN or an answer to a secret question)
- something the user physically possesses (a card, token or security key)
- something the user inherently possesses (a fingerprint or retina pattern).
- something only the user can receive (a text message to a registered phone).
Check your firewall
Firewalls act as a line of defence to prevent any threat from entering your network. A firewall creates a barrier between your device and the internet by selectively restricting some types of traffic. This can help prevent any malicious programs from talking to your device and help to prevent any data from leaking out. Thankfully, most home broadband routers are pre-configured with firewalls, but if you have techie kids who are into online gaming, you should check to see if they’ve adjusted any router settings recently! They may have inadvertently exposed a weak point.
Phishing is a scam whereby a user is fooled into divulging personal info by a legitimate-looking email or call. Cybercriminals are exploiting the coronavirus outbreak to send fake emails with potentially dangerous links to employees who, outside the protections of the company network have become more vulnerable than usual.
- Is the email asking you to verify your password and login details? No reputable organisation will ever email you looking for you to verify your logins like this. This is one of the most obvious phishing attempts.
- Is the email asking you to make an unexpected transaction, for example urgently pay an invoice or update bank details? You should always verify these by phone.
- Check the sender’s email address for any obvious spelling errors or a 0 where there is meant to be an O.
- Check for poor grammar in both the subject line and body.
- Hover over any links to view the actual web address
- Don’t click any links or attachments unless you are certain it’s from who they claim to be (and you trust them).
- If in doubt, contact the sender using a phone number or a new email (not replying to the email originally sent to you).
Lock your device when not in use
This is critical if working in a public place or you live with people whom you can’t share any work information with. By setting a password on your device, your data is encrypted and can’t be read until the password is entered. Don’t lend out the device you use for work to children or members of your family either, they can unintentionally share or delete critical information or accidentally introduce malicious software to your device. If you have to share a device with your household, create separate profiles so that each person logs in with a unique username and passphrase.
Is your Business Insurance up to scratch?
With the potentially huge cost of a data breach or cybersecurity compromise and remedial action, cybersecurity is a critical aspect of business insurance that is often overlooked. Here at MDRB, our tailored commercial insurance can give you peace of mind knowing that the particular set of risks to your business are covered, whatever the circumstances. Talk to Greg today on 087 152 2272 or by email firstname.lastname@example.org