Greater numbers of people working from home and greater awareness of cyber threats are just some of the likely positives on the horizon for business.
Phishing attempts, scams or ‘scareware’ through email, text and social media have risen markedly since Covid-19. According to the National Fraud Intelligence Bureau in the UK, victims lost over £800,000 to coronavirus scams in February.
“Scammers are offering information or statistics on coronavirus, deals on surgical masks or free VPN offers for businesses, but when you click on the link a malware is installed giving them control of your computer, log your keystrokes and access company and/or customer data,” said Niall Tuohy, security product manager, Vodafone Ireland.
“These phishing emails may look like they come from an internal address, but if it looks any way unusual, it is vital you contact the sender before opening the link. Beware of free or limited offers from unknown parties and untrusted websites — if it’s too good to be true, it usually isn’t!”
Niall says the risks for a security breach have multiplied as more employees have been working from home. He says that ensuring devices are secure is the key for remote working to be a success.
He is talking to business owners who want advice. He sees this advice as a service rather than as commercial opportunism.
“We don’t charge for advice. It is a bit confusing for small business owners at the moment. Everyone is out there trying to sell their wares, and there is a lot of ambulance chasing going on. There are small businesses that are struggling to find out what they need, and they’re being swamped with advice.
“The living rooms of their staff members are now the new office, and they need to take steps to ensure that these homes are as secure as their offices.
“At Vodafone, we are ahead of the curve on this as we have many people remote working for a long time, but some companies didn’t have time to react quickly enough; they just have to do all they can to ensure their security is robust. Ideally, make sure all connectivity is over VPN.
“It is also a good idea to adopt a zero trust policy. Restrict access. For instance, HR doesn’t have to have home access to the personal information of staff members. If you’re going for a cup of tea, close down your laptop.
“A lot of people use webcams. The default setting should be ‘Off’; only turn it on when you need. When Boris Johnson was interviewed remotely recently, a lot of people remarked that they could see his Zoom number.”
Niall said Vodafone staff are working “flat out” taking calls from businesses who were not prepared for these new remote threats.
For businesses who already have security built into devices, they should make sure their solutions are up-to-date and operating on the latest versions.
Businesses may want to add a feature so employees can clearly see when an email is from an external source. Company devices should have a VPN or virtual private network so employees can access company email and applications, without risk, preferably with a two-step authentication.
Businesses may also want to blacklist certain websites and install more robust device management software for an added layer of security in these uncertain times.
“For people working from home, malicious attempts to gain entry to your wifi are possible,” Niall said. “To mitigate this, and as a best practice, you should always change your home wifi password from the generic admin password provided to a personalised one. Another option is to ‘hot spot’, using the mobile data from your device, if it is secured through robust management software.”
People may be working with a combination of personal and company devices as an interim step to ensuring business continuity. Without the security of a firewall or the ability of updating or enforcing the latest anti-virus, at a minimum, devices need to be using up-to-date anti-virus software.
“Solutions such as Palo Alto Traps can be easily sent to an employee’s device and can provide an enhanced feature set,” Niall said. “Traps replaces legacy antivirus and secures endpoints with a multi-method prevention approach that blocks malware and exploits, both known and unknown, before they compromise laptops and other devices.”
People are advised to change their passwords more regularly, hesitate before clicking on things (from anything ‘Free’ through to memes on social media).
Encourage employees to use your cloud solution remotely and deter them from using personal cloud storage solutions that are not secured by your company’s data protection protocols.
If you are not using a cloud-based file sharing solution, the good news is that Microsoft is currently offering its Teams solution for free. And it seems that, for many, working from home could be here to stay.
“The pandemic has fundamentally changed the way businesses operate,” Niall said. “Organisations who were slow to promote remote working now see value in it. One clear positive is the potential cost saving from having smaller offices.
“A lot of the fear has gone out of wondering if people at home are actually working. Companies have ways of measuring productivity. Workers check in regularly with their employers. At Vodafone, we are very rigid in reporting the working hours to our line managers.
“And workers have learned the value of having structure to their day. It is important for people to close the laptop at the end of their day to feel that they have left work.
“Of course, those childminding by day in recent weeks may have had to flip their day around and work by night instead. They need that flexibility. Once you get the security right, the positives far outweigh any negatives.”