24/03/20 | Security
As the number of novel coronavirus cases rises, New Zealand businesses are heeding Government requirements by closing non-essential workplaces and asking staff to work from home in a bid to slow the anticipated spread of the pandemic.
Many corporates have been testing working from home scenarios over previous weeks and feel ready to transition into the new way of operating. However, when staff are removed from the office environment, it’s easy to slip into bad cyber security habits.
With the heightened level of disruption, your company’s cyber security processes and policies are more important than ever. Think of the immense reputation damage and difficulty responding if your systems were subjected to a security breach during this volatile time.
Ensuring a home working environment is ‘safe’ isn’t difficult. Peter Bailey, General Manager at Aura Information Security, shares the steps you can take to improve cyber security outside the office.
1. Reinforce the rules
Most companies will already have an information security policy in place. If remote working is in your business continuity plan, review the policy and make sure you communicate clearly with your staff that the same cyber security rules apply, even when working from home.
If you haven’t yet laid down some security policies for your business, I recommend getting this sorted as soon as possible. There are some useful online tools and guides specifically aimed at smaller businesses and start-ups on the CERT website, which will help get you started.
2. Secure your smart devices
With smartphones and laptops essential for maintaining productivity outside the office, it’s important to make sure these devices are adequately protected. If you work for a company that has an IT department then get their help to make sure all laptops and smartphones are up to date. If not, at the very least aim to do the following:
- Auto-lock devices: Make sure all your devices are set to lock themselves if unattended, including your computer and your phone. Use the fingerprint sensor or facial recognition technology available on most modern devices, as these measures are effective and simple.
- Passwords: Make sure you have unique passwords. Choose a passphrase, a string of words, such as song lyrics, that is easy to remember and hard to guess. Password managers are also a good option.
- Separate work and personal life: Don’t let family members, especially children, access the devices you use for work. Try to have dedicated work and personal devices where practical, so there’s minimal crossover of sensitive data.
- Beware USBs: While it might be tempting to use USBs to share and store work, one corrupt USB can easily infect a device or an entire network. Back up files and documents via the cloud instead, with secure passwords.
3. Don’t lax on the regular back ups
With many individuals working away from the network, it’s more important than ever to make sure documents and files are safely backed up. A good option is to ask staff to use an automated backup solution that takes data offsite and stores it in the cloud. Try to use the same services as those already used within your company to backup files you’re working on, such as Office 365 or Google Drive.
4. Stay on top of software updates
When it comes to identifying the source of data breaches, one of the biggest offenders is outdated software and operating systems. Technology companies issue updates for a reason, usually to address new vulnerabilities. That’s why you should install an update as soon as an update becomes available, and configure any device used for work for automatic updates. While it may be a mild annoyance or disruption to update your device, being impacted by a breach that could have been prevented will be a much bigger one. While you’re at it, ensure all your devices have a reputable internet security package, including antivirus, installed and up to date. This is a basic but entirely necessary requirement for anyone who uses the internet.
5. Secure home routers
Routers are often a network weak point, since many people simply plug it in, leave it with the default password, and never think about it again. Encourage staff to set a unique password, enable encryption and make sure the device itself receives regular routine software updates. Either find out from your service provider how to log on to do regular updates yourself or arrange for them to perform updates and checks on an ongoing basis.
6. Stay alert against ‘Covid-19’ scams
As many companies around the world adopt work from home policies, cyber criminals will try and capitalise on the opportunity to target workers with Covid-19 related scams. Some phishing emails may present as official communication from HR teams, health officials or other institutions purporting to share information related to the pandemic. While it may be your first instinct to follow the instructions, make sure to check the sender information before you act. Remind staff to use caution when receiving any request for log in details and think twice before they click links or download attachments. If you receive a strange email from a known contact or colleague, call the sender to verify the information.
7. Ask for help
If you think you have been breached, don’t keep it to yourself or try to solve the problem on your own. Alert the company you work for immediately and let them know what information or data might be compromised, or make sure you have an external security team who can get onto it as soon as possible. The faster a breach is identified, the faster it can be shut down, fixed and resolved.