The changes in Covid-19 related working practices including increased levels of remote working bring to the fore the need for adequate online security for clients, staff and their business.
We have created a list of security measures for you to consider in your business to protect you, your staff and your clients privacy and data:
Practical Steps To Take
> Use a password manager (eg www.1password.com) and avoid reusing passwords across several websites,
> Set up 2 factor authentication for your cloud based platforms and for your email inbox.
> Don’t open emails from senders you don’t know. In particular, don’t click on links or open associated as they can contain malware.
> If you receive an unusual email from a friend or colleague containing a link or file, contact the sender via phone to confirm if they have sent it. Their email account may have been hacked.
> You can check if any account of yours has been compromised in past data breaches on www.HaveIBeenPwned.com
> If you receive a phishing email, report it to your email provider.
Use a Secure Wifi Connection
If you’re working from home and have an older Wi-Fi system in your home, take these steps to add additional security to your connection:
- Confirm with staff that are working from home that they have updated anti-virus software on their computer or laptop with the essential privacy tools activated before accessing client’s confidential files.
- You should be using WPA2 security to guard access to your router and change the Wi-Fi password on a regular basis to ensure not too many people have access to your Wi-Fi.
- Disable remote access and UPnP. Many routers allow remote access from outside your home while Universal Plug and Play (UPnP) is a feature which makes it easier for devices such as smart TVs or game consoles to access the web. Unfortunately, UPnP can be used by certain malware programs to get access to your router’s security settings.
- Keep all devices that are connected to your Wi-Fi up to date with latest security software.
- Take care with which apps, programs and browser extensions you install.
> Create difficult passwords using password manager tools such as LastPass which will create, remember and autofill passwords for you.
> Use a VPN, these are Virtual Private Networks have many roles but one important role that they provide is encryption of all your internet traffic meaning it is unreadable by anyone who accesses it. One option for smaller businesses include ScribeForce.
> Ensure all firewalls are enabled on devices connected to your network and if you are concerned that they are not enough. You can use a third-party firewall such as McAfee.
> Back up all data, ransomware and other malware can destroy data or wipe a system. You can use either a hardware backup such as an external hard drive or a cloud service such as iDrive.
Train Staff to Identify Scams
There has been a notable rise in the number of phishing scams on businesses in recent weeks in response Irish cybersecurity awareness training company Cyber Risk Aware announced that it would be providing free COVID-19 phishing tests for businesses. Companies are invited to run a phishing simulation in which up to 100 staff can learn how to avoid falling for COVID-19 phishing lures.
Provide Good Support
If your staff are working from home, this working arrangement may be new to them and they may find it difficult to adjust to, particularly if they are not technology savvy. Do your best to provide your remote team with a designated contact for tech queries or problems. Ensure they have the adequate support and outline the essential steps to be taken in the event of a security breach.