Heightened cyber risks have emerged as a serious issue, given most businesses now have many staff working from home.
So it’s important to put in place policies and procedures to ensure data is secure no matter where staff are located. Helping staff to recognise and avoid risky behaviours is also part of a great cyber safe culture. Here we explore some of the essential steps businesses need to take to reduce the risk of cyber criminals compromising the network.
Make sure staff are updating security alerts
“The challenge is to ensure cyber security is top of mind for employees,” says Fernando Serto, head of security technology and strategy at Akamai Technologies.
“But it can be tricky to enforce behaviour when people work at home, especially when it comes to ensuring employees are uploading security updates,” he adds. One way to combat this is to put controls in place so staff can’t access work applications on their devices until security updates have been installed.
“This will encourage users to keep up with updates and patch cycles,” Serto says. This is also effective no matter if staff are using devices provided by the business or their own tablets, laptops and smart phones.
“It’s essential to teach staff how to recognise a phishing email, which is challenging given criminals are becoming increasingly sophisticated in their approach”
Educate staff about cyber safe practices
Phishing is a huge challenge for all businesses. These are fake communications sent by criminals that look messages from a real business. The fraudsters attempt to get staff to click on links, which gives offenders access to the business’ IT system.
It’s essential to teach staff how to recognise a phishing email, which is challenging given criminals are becoming increasingly sophisticated in their approach.
“We’ve seen phishing campaigns that use social media and other methods to try to lure individuals to click on a malicious link to compromise a work device,” says Serto. So it’s important to create an open, honest and transparent communication channel between staff and the IT security team.
This enables the business to explain to teams why being phishing-aware is important and to let them know when new scams emerge.
Ensure staff are safe when they use video conferencing
The use of video conferencing tools has skyrocketed this year, greatly assisting firms to communicate when staff are no longer office-based. But hackers can easily compromise these tools and use them to enter a firm’s network.
So it’s important to implement proper protocols to reduce this risk.“There are lots of free versions of these tools. But an enterprise-grade solution will make a significant security difference,” says Mick McCluney, technical director of cyber security firm Trend Micro.
Free services run a heightened risk of malware being installed in users’ systems. Using an enterprise-grade version substantially minimises this risk.“Outsiders guessing meeting IDs and bombing meetings is becoming an issue.
So take care to configure meetings so they are secure. Using passwords where possible also helps ensure only authenticated users are in the meeting,” McCluney adds.
Concerns have been raised by the FBI and others about IT security when using Zoom.
Hamish Blake the comedian has crashed Zoom meetings. Cyber insurance is another line of defence against cyber attacks by external parties. But it should be seen as a last line of defence. It’s also essential for firms to have the right security protocols in place to reduce the risk of compromised systems while so many people are working from home.
If the business does detect a cyber breach, use it as opportunity to educate staff and encourage them to be an active part of the organisation’s cyber security strategy. See a breach as a valuable lesson and a way of generating insights about which other controls should be in place to avoid a similar situation down the track. That’s the best way to ensure the business, its data and systems are properly protected at all times.
Important note – the information provided here is general advice only and has been prepared without taking in account your objectives, financial situation or needs. Steadfast Group Ltd (ABN 98 073 659 677, AFSL 254928)