Home is where the heart is, or at least that’s how the saying goes. However, when it comes to information security, home isn’t as safe an environment as you might think. Hackers already prefer attacking home networks because their security measures are often not as thorough as an organisation’s.
IT departments across the country have been put under unprecedented pressure due to the COVID-19 (Coronavirus) outbreak. Suddenly, organisations are relying on staff working from home in order to continue operating, and many were not prepared for it. This means, in the eyes of cybercriminals, it’s open season.
Ask yourself: Is my network as secure as it could be? If a hacker targeted me, have I done everything I can to protect my own and my organisation’s data? If the answer to both these questions is not a resounding ‘YES’, then you might find this blog on security when working from home useful.
For even more hints and tips – including information for organisations using Office365 – click here to read a piece we produced for our partner Data2Vault!
Phishing At Home
Phishing is the chief cause of data breaches, accounting for over 90% of them. While this is still a huge concern for those within an office, home workers tend to have their guard down and are more susceptible.
To make matters worse, scammers are using the Coronavirus panic as a way of making potential victims click, posing as bodies like the Government and the World Health Organisation (WHO). We have already written about some of these new scams in a blog, which you can view here.
However, if you want a quick read, here are our top tips for how to avoid being phished at home:
- Be wary of emails that contain links, imply a sense of urgency or ask for login details.
- Double-check emails for spelling and grammar errors, as these are a sign of a phishing attack.
- Hover your cursor over any links you’re unsure of to check their actual destination.
- Remember not to give out details online unless you initiated the contact yourself.
Covid-19 Ransomware
Phishing attacks on their own pose a significant threat to your personal and organisational security, but when they lead to ransomware attacks, the damage can be catastrophic to an organisation.
Ransomware encrypts and locks all data on your device or system, then demands payment under the threat of automatically destroying every file it has discovered. With data being the most valuable asset of any organisation, it’s virtually impossible to quantify the damage that mass deletion can cause.
Worse still, coronavirus has birthed a new host of ransomware attacks. Just last week, healthcare workers were attacked with ransomware which used coronavirus as bait.
While we’d strongly recommend following our tips for avoiding phishing to reduce your chance of falling victim to ransomware, there are also steps you should take to protect your data in the event that it is encrypted by ransomware:
- Run ethical phishing tests on your organisation and target eLearning at staff who fail to spot their nature, to raise awareness.
- If remote users are set up to store their files and data on your organisation’s servers, protect that data with regular backups with cyber scanning and Attack Loop prevention.
- If your remote users are storing their data on their local systems, then set up end-point malware scanning and detection.
Secure Mobile Working
With current Coronavirus measures forcing so many employees to work from home, and 48% of phishing attacks taking place on mobile devices, it really is like shooting phish in a barrel for cybercriminals.
More than 57% of all internet traffic comes from mobile devices, so it’s no surprise that attackers have turned their focus to mobile employees, especially when you consider that users are 3x more vulnerable to phishing on mobile devices than on desktops.
If you are self-isolating and/or working from home, then remember to:
- Secure your wi-fi connection by updating your antivirus software and making sure you’ve changed your password from your router’s default. Strong passwords use a collection of random but memorable words interwoven with numbers, capitals and special characters, amounting to more than 8 characters, e.g. “Pile4Loose2Twix”.
- Regularly update your privacy tools, add-ons for browsers and check your patch levels.
- Back up your data so that, in the worst-case scenario of staff falling foul of ransomware, all is not lost.
- Make sure you are using a secure connection. If your organisation’s policies permit its use, consider using a Virtual Private Network (VPN) to connect your PC to your workplace server.
- Check that you have encryption tools installed.
For organisations looking to make secure cyber behaviours part of their culture, book a web demonstration with a member of our team to discover how our innovative eLearning courses can help you reduce your risk of breaches.