Protecting your Business from Covid-19 Cyber Attacks
With many businesses implementing working from home plans for their employees, taking responsibility for cyber security has never been more important. Whether you’re working from a PC, laptop or mobile device, cyber criminals have been preying on the fears of the public in regard to Coronavirus in multiple ways. Therefore, it’s important to know what to look for when monitoring emails and device security. The National Cyber Security Centre (NCSC) has provided guidance on how to avoid ‘phishing’ emails and cyber-attacks.
What are ‘phishing’ emails?
A ‘phishing’ email is an email sent/received with malicious intent. These are usually sent by cyber criminals in an attempt to access accounts and/or steal money. However, they can also be used to upload malicious software to steal passwords and infect your computer system. For example, an email may be received informing you that a specific account has been locked out, and you need to click the link within the email to reset the password/account. Some of these emails only need you to click the link in order to compromise your system, therefore, it’s important to ensure that you are 100% confident in every email received before opening it.
Spotting a ‘phishing’ email
‘Phishing’ emails can sometimes be difficult to spot, however, there are some common themes in certain situations. The email will usually look unusual, either from a colleague with no email signature, text with obvious spelling errors or unusual subject headers. If you suspect an email is unsafe, hover over the sender email address at the top. Occasionally the email may look very similar to the usual company email address but missing a letter or misspelt in some way. Company logos could also be missing or blurry, and requests may be uncharacteristic or strange. Be sure to read every email carefully and use the preview tool in your outlook to avoid automatically opening emails fully.
The National Cyber Security Centre advise that if you think you have been scammed and clicked a link or provided password information, immediately run a scan of your anti-virus software and change ALL passwords on every account. You should also contact your IT department and let them know. Any loss of money should be reported to the police immediately.
Home Working Setup
According to NCSC, employers should ensure that whenever new accounts are setup, strong passwords should be set, and a two-factor authentication enabled if possible.
“Please refer to the NCSC guidance for system owners responsible for determining password policy. The NCSC strongly recommend you implement two-factor authentication (2FA) if available.”
They also recommend implementing an in-depth review of software available for home working, something that we at Telecoms World can appreciate. Ensuring businesses have the ability to continue communication with their staff and clients has never been more important. Our Home Working Solutions can support businesses with award winning solutions including; Cloud-based Phone Systems, Business Phone Numbers, Dial-out Applications, Call Routing, Video Conferencing, and Business Broadband.
Working from home increases the likelihood of employee devices being stolen or lost, therefore, it is advised that all devices are encrypted with secure passwords and are locked when not in use or the employee is away from the desk/device. All devices should be locked away at night and not left in vehicles alone at any time. Any security breaches should be reported to the employee’s line manager, and physical theft reported to the police immediately. USB sticks are also at risk if not properly encrypted as these can be misplaced and open for anyone to access. USBs used should only be those provided by the organisation and with encryption/anti-virus software applied to them.
Virtual Private Networks (VPNs) are secure network connections allowing employees to access corporate company data and files in order to continue with their daily business as usual. The NCSC advise:
“If you are already using a VPN, make sure it is fully patched. Additional licenses, capacity or bandwidth may be required if your organisation normally has a limited number of remote users.
If you've not used one before, please refer to the NCSC's VPN Guidance, which covers everything from choosing a VPN to the advice you give to your staff.”
Data Breach Monitoring
The Dark Web is going strong, with countless black-market sites and billions of dollars being exchanged via cryptocurrency on a daily basis! A product that is making more and more of an appearance is private data, such as credit card information, login credentials, bank details, etc. This personal information is readily available from businesses and organisations, and easily accessible with the right amount of hacking skills.
We offer a comprehensive Data Breach Web Scan and Monitoring service, where we can detect if your company has become compromised. The service is designed to help both public and private sector organisations detect and alleviate cyber threats. Our scan examines botnets, criminal chat rooms, blogs, websites and bulletin boards, Peer to Peer networks, forums, private networks, and other black-market sites 24/7, 365 days a year; identifying stolen credentials and additional personal information.
Although we can’t confirm whether any data that we’ve discovered has been used to exploit your business, the fact that we have identified a data breach should be very concerning. Visit our dedicated page to learn more about our Data Breach Web Scan and Monitoring service.
Article obtained by National Cyber Security Centre. www.ncsc.gov.uk/guidance/home-working