In an effort to limit the virus outbreak, workplaces have been uprooted and employees have been sent home to navigate the brave new world of remote working.
And just as we’ve been drilled on the importance of washing our hands to prevent the spread of the virus, there are basic cyber-security hygiene measures businesses need to be taking to make work-from-home secure.
Experts have warned large numbers of employees accessing services and data remotely increase vulnerability to cybercrime. This comes at a time when hackers are targeting pandemic anxiety with covid–19 related scams.
These attacks take different forms: websites claiming to have found a cure to the virus; phishing emails impersonating NZTA offering to renew vehicle registration during level-4 lockdown; and more direct attempts to hack access to video conferencing apps.
While many businesses have security measures to protect from these attacks in their workplace, those at home using different devices and networks likely do not.
Chief executive of Kiwi cyber security firm SafeStack, Laura Bell said taking 20 minutes to assess security and making some simple changes could be all it takes to avoid falling victim to a cyberattack.
“There is increased vulnerability at the moment, but it is not just because we are working remotely, it is because we’ve changed so much of the way we work, so quickly,” she told BusinessDesk.
The three cyber security basics are: setting strong passwords; enabling two-factor authentication; and keeping the latest software updates installed.
While managing cyber security can be daunting for small businesses, Bell said it is important to remember practicing digital hygiene is enough to mitigate most casual attacks.
“If you think about phishing, set up the configuration on new tools and make sure files are stored properly, then have a deep breath and a cup of tea — you’ll probably be fine.”
Phishing
Bell warns that hackers “capitalise on the lingering anxiety we are already feeling” targeting people with ‘phishing’ attacks.
Phishing is when an attacker attempts to trick you into giving away your personal information or your financial details — often by pretending to be a legitimate business, such as a bank.
Commonly, you will receive an email asking you to follow a link, which will trigger the installation of malware or take you to a website that asks you to enter personal information such as your password or bank account details.
To avoid falling prey, CERT NZ recommends you avoid following on any links in unsolicited emails and be cautious of opening unexpected email attachments.
Stop and check before you give out any personal information. Make sure you know how the companies you deal with will contact you and what kind of information they’ll ask for. For example, a bank will never email with links to online banking and ask you to login.
“If you get any online requests for personal or financial details that you're unsure about, do some checks before giving your information away. For example, if your insurance company asks you for information online, phone them to query their request first.”
Video Conferencing
As daily meetings have been moved from the conference room to online video platforms, the risk of sensitive information being overheard has also increased.
“There is a lot more use of video conferencing now, so there are a lot of people trying simplistic attacks against video conferencing suites,” Bell said.
Businesses using video conferencing software typically have IT departments to help employees set up accounts with passwords and enable additional security features. This is being missed as first-time users log in, leading to reports of unwelcome internet trolls joining video conferences and sharing unpleasant content.
Bell said if you are using video conferencing software you should take a few minutes to go through the settings and ensure they are set correctly.
This is as easy as setting a password for meetings and allowing the meeting host to approve anyone trying to join the meeting.
“They are not particularly technical things, just spending 20 minutes tomorrow morning going through the settings on your new video conferencing and putting a password on, that would be a good use of time right now,” Bell said.
Physical security
Bell said businesses also needed to be thinking about physical security now that operations were taking place outside of an office environment and don’t have an IT team on hand to repair or replace broken equipment.
“We are now all remote and those laptops we took home on the last days before lockdown are now crucial bits of business equipment,” she said.
“We will have people all over the country who lose a bit of equipment because their child helps out and decides to do a water test,” Bell said.
To mitigate disruption, it is important to back up the data on devices by copying it to either an external hard drive, or to a cloud-based service like Dropbox.
Bell said this not only protects against damaged equipment, but also against ransomware cyber-attacks — when a hacker encrypts a device and charges a ransom to restore the files.
If you’re targeted by one of these cyber-attacks you may not be able to access or use your computer. But if the data is backed up externally you will be insulated from this type of attack.
