Unsplash With more personnel employed remotely than ever before, cyber security has never been more important. As hackers use relatively simple means to catch out unsuspecting individuals, everyone is a target. This highlights why online security in the office needs to be a shared responsibility.
Cyber Threats to Consider
Sophisticated technology means that employees can work smarter, not harder. The other side of this is the fact that ill-meaning individuals can use that same hardware to cause trouble for your business, employees and clients. In order to gain access to sensitive intelligence, a third party won’t necessarily target the organisation’s systems. Instead, they will look to gain access through an employee, as individuals tend to have less stringent security measures on their personal devices than company devices. For example, access can be gained through phishing emails. These normally take the shape of emails that include links. Once clicked on, the link infects the computer, phone or tablet with viruses or malware. Passwords can also be a threat. Sophisticated tech individuals know how to crack a password, and the process is made easier when one password is used for multiple services. A hacker can also access confidential information if you don’t have multi-factor authentication integrated with services like email. Multi-factor authentication is the process by which a secondary PIN or password must be entered with a primary password, and the secondary PIN is generated on a time-dependent third-party app, such as Google Authenticator or Okta Verify. And with many more employees today doing remote work, the possibility of video conferences being secretly invaded has increased. If meeting links aren’t kept private or don’t require an access code, anyone, including a hacker, can join the meeting undetected. Furthermore, they could use webcams (that don’t have sliding covers) to view sensitive documents left out on the desk.
6 Tips to Help Stay Cyber Secure
Organisations that deal with confidential knowledge and handle personally identifiable information need to be cyber secure. Otherwise, sensitive intel can – and usually will – fall into the wrong hands. Resulting in significant financial and reputation loss. To safeguard against this, many businesses will opt for high tech solutions and provide their personnel with a device security plan. However, these high-tech solutions can be infiltrated if personnel aren’t using the systems properly. So, it’s essential that employees are trained appropriately on how to best protect themselves and their devices from malicious attacks.
Tip 1: Use Antivirus and Internet Security Software at Home
Businesses are equipped with antivirus and internet safety software, however, staff operating remotely may not be. This makes it easy for attackers to gain access to sensitive documentation. To combat this, enterprises should invest in an antivirus suite for all staff who are working from home. This kind of product provides automatic protection against ransomware attacks, malware and spyware, and when used properly
Tip 2: Adopt a Centralised Storage Solution
Material needs to be backed up. This way, intelligence lost to a virtual incident or other computer issue is not lost forever. However, backing up data can also provide attackers with another way to access said material. This is where a company central cloud or server storage based system works wonders. Documents backed up in this system are inherently safer as they are protected by firewalls, which in turn works to keep your company, staff and clients safe.
Tip 3: Use a VPN
If you’re worried about protection whilst online, a Virtual Private Network (VPN) can fulfill a number of security tasks. A VPN will completely encrypt any data sent electronically, acting as a tunnel over the internet. This is especially useful as public wifi networks are easy to infiltrate. It’s recommended that you have a consistent VPN across the organisation, and not just entrust employees to choosing a free VPN service that might not provide adequate security or protection for your business.
Tip 4: Turn on Spam Filters
Turning on your operating device’s spam filters can go a long way towards being safe online. These filters will actively work to reduce the amount of spam and phishing emails that you receive, reducing the likelihood of clicking on a link and falling victim to viruses or malware. The type of device your employees have—whether that be a Mac, PC or smartphone—will have different methods to activate their spam filter, so comprehensive instructions for each type of device should be given to ensure success.
Tip 5: Encrypt Important Information
The importance of network encryption cannot be overstated. This process converts data into a secret code before it is sent electronically, reducing the risk of theft, destruction, and knowledge tampering. While this is a recommended step, it is a fairly low-level security technique, and so should be used in conjunction with the other cybersecurity methods outlined within this article.
Tip 6: Utilise Multi-Factor Authentication Features
As noted earlier, it’s important for data protection to install multi-factor authentication methods on your devices for different accounts. Providing two or more proofs of identity adds yet another layer of security to your data, as it ensures the user must have both forms of identification in order to access the network. In addition, it’s important that you educate staff on what makes a strong password. For example, it is now recommended that a strong password be:
No less than 12 characters, and over 15, is preferable Use a mix of characters - upper case, lower case, numbers, special characters (!,$) etc. Avoid common substitutes, for example, DOORBELL to D00R8377 Don’t use memorable keyword paths, for example the old standby password QWERTY (the top left side of a standard keyboard).
Tip 7: Educate Your Employees on Phishing
All of the security tools and trappings in the world won’t be able to protect your data if an employee gives up their information to a cyber hacker. Phishing scams, from emails to phone calls and even personalised text messages, are prevalent in today’s digital era, and have become increasingly sophisticated. Training your employees to recognise a phishing scam and the appropriate actions to take in the event of receiving such communication is necessary.
Consider This Scenario
John receives an email from his direct report requesting information that might compromise a client’s confidentiality. John looks at the email address it was sent from, and instead of the company’s standard email address of firstname.surname@companyname.com, the email address is firstname.surname@companyname1.com By taking the simple step of reviewing the email address of the sender, John knows it’s a phishing scam and so does not compromise the client’s data. Phishing identification training is generally recommended for all employees within a business.
Cyber Security in the Modern Office
As working habits begin to shift in favour of working from home, protective electronic and storage systems will become vitally important to the success and safety of an enterprise, its workers, and its customers. Instead of simply investing in operations systems and antivirus software, businesses also need to invest in keeping workers up to date. At the end of the day, an organisation’s virtual protection is only as strong as an employee’s weak and easily hackable password.
References
How to protect your business from cyber threats | business.gov.auLearn how to protect your business and data from cyber threats.Cyber Security Risks: Best Practices for Working from Home and Remotely | KasperskyBest practices for working from home and remotely. Learn how to protect yourself when WFH and how to avoid the cybersecurity risks.How Multi-Factor Authentication (MFA) works - Kloud ITMulti-factor authentication is the process by which a user is required to provide two or more verification factors so they can obtain access to online resources such as accounts, portals, applications.
This content is accurate and true to the best of the author’s knowledge and is not meant to substitute for formal and individualized advice from a qualified professional. By Roman Synkevych, via Unsplash © 2021 jacquicoombe
