It is a sad state of affairs when a global virus proves to be a nexus to computer viruses. However, one of the immutable laws of the universe is ringing true: ‘out of disaster, comes opportunity’. And unfortunately, in this case, the ‘opportunity’ is being taken by cyber criminals ramping up their phishing efforts, and taking advantage of the uncertain times.
As a small business owner, whilst your priorities at this time are probably on your personal health and hygiene, and the wellbeing of your employees, now might also be the time to brush up on some ‘digital hygiene’ habits to prepare your business for this newly emerging wave of threats.
Be on the alert for phishing emails and websites
Criminals are crafting emails and websites purporting to provide information on a vast range of important topics, such as health reports, travel advisory updates, flight cancellations and school closures, just to name a few. Some of these communications are skillfully crafted, making it difficult to identify them as a phishing email or website. Be on the lookout for emails or websites that ask you to click on suspicious links or request sensitive information such as log-in details, credit cards, passwords, passports, health details or addresses, and ensure you’re raising this awareness with your staff.
Test your remote working capabilities and policies
Such testing should be part of a regular Business Continuity Plan. In the current environment it is recommended that businesses ensure all staff understand the protocols they must adhere to when working remotely.
Testing your capabilities is an important step, as individuals may not be aware of all policies, procedures and protocols. It is essential that the appropriate security functions, such as Multi-Factor Authentication and VPN, have been implemented and are functioning correctly.
Take this opportunity to ensure your employees genuinely understand the importance of protecting your business’s data, and understand their responsibilities when it comes to hard drive and file encryption, both in storage and in transit. Brief your staff members on home network best practices, including the use of non-default router and Internet of Things (IoT) passwords.
WiFi may be your enemy
Unfortunately, public and personal WiFi networks may be compromised in certain circumstances. Delete WiFi credentials from your device as soon as you disconnect, and set a strong password on your router (ensure it has been changed from the default password). Where possible, operate within a VPN.
Check Your Insurance
If you and/or your employees are now working remotely, there may be a heightened risk of cyber threats. Further, there may be a new level of information sharing between your business’s network and your employees’ personal systems not previously anticipated.
If you have cyber insurance, it’s worth contacting your broker to confirm whether cyber attacks that occur whilst working remotely are covered, and clarify whether you have any additional obligations or need to disclose any of your policies, practices and procedures on remote working.
What can you do as a small business?
Awareness and proactive action make a difference. We have witnessed a variety of attacks where criminals attempt to exploit the current situation. These include, among others:
- Coronavirus phishing scams preying on fear and confusion about the virus
- Phishing and scam websites themed around the pandemic
- Exploitation of leading corporate VPNs with major vulnerabilities
- Ransomware attacks on hospitals where scammers anticipate the urgent need to function will push administrators to pay ransom amounts
There are actions you can take to help combat cyber-attacks:
- Ensure work-from-home employees understand how to configure and connect to your Virtual Private Network (VPN) providers and avoid split-tunnelling
- Plan fallback measures for phone-based and off-net communications and work, as many VPN providers may encounter scaling issues as large numbers of users join
- Ensure the computers and devices work-from-home employees use are updated with the most current system and application versions
- Assess your cyber security resilience plans/incident response plans and ensure that cyber insurance limits are appropriate for any potential financial impact as the result of a cyber-attack
If you have any questions regarding your insurance policy, or if you have suffered a claim or incident, please contact your Aon representative to assist you during this challenging period.