Subscribe

Stay Secure To Ensure Business Continuity

/ 2nd April 2020 /
Ed McKenna

Nial Tuohy, Vodafone security expert, explains what to do about the range of risks to business systems thrown up by working from home

Covid-19 is rapidly changing how we work and do business, and with companies across Europe and the world continually taking steps to ensure business continuity, whilst managing the health and safety of their people. However, as more employees are encouraged to work from home, the risks for a security breach multiply. Whether your business is a large bank or a small firm, security must be built into your Covid-19 continuity plans.  

Phishing in the era of Coronavirus 

Many people are relatively cyber aware today and understand that they should not open emails asking for sensitive information, insisting you act upon something immediately. However, reports from the FBI and other international security bodies show an increase in phishing attacks, as criminals seek to capitalise on the pandemic.

New scams or ‘scare-ware’ through email, text and social media are designed to exploit public fears about the virus and business fears about our new remote reality. According to the National Fraud Intelligence Bureau in the UK, victims lost over £800,000 to coronavirus scams in February. 

For example, scammers are offering information or statistics on coronavirus, deals on surgical masks or free VPN offers for businesses, but when you click on the link a malware, or malicious software, is installed allowing them to take control of your computer, log your keystrokes and access company and/or customer data. 

These phishing emails may look like they come from an internal address, but if it looks any way unusual, it is important that you contact the sender before opening the link. And be aware of free or limited offers from unknown parties and untrusted websites – if it’s too good to be true, it usually isn’t!  

In Association with

Secure home working: connect with confidence  

Securing your devices is key to secure home working. For businesses that already have security built into devices, make sure your solutions are up to date and operating on the latest versions. At this time, you may want to add a feature so employees can clearly see when an email was sent from an external source. 

Company devices should have a VPN or virtual private network so employees can access company email and applications, without risk, preferably with a two-step authentication process. Businesses may also want to blacklist certain websites and install more robust device management software for an added layer of security in these uncertain times. 

For people working from home, malicious attempts to gain entry to your WiFi are possible. To mitigate this, and as a best practice, you should always change your home WiFi password from the generic admin password provided to a personalised one. Another option is to ‘hot spot’, using the mobile data from your device, if it is secured through robust management software. 

People may be working with a combination of personal and company devices as an interim step to ensuring business continuity. Without the security of a firewall or the ability of updating or enforcing the latest anti-virus, at a minimum, devices need to be using up-to-date anti-virus software. 

Solutions such as Palo Alto Traps can be easily sent to an employees’ device and can provide an enhanced feature set. Traps replaces legacy antivirus and secures endpoints with a multi-method prevention approach that blocks malware and exploits, both known and unknown, before they compromise laptops and other devices.  

Securing personal devices 

Some companies are in a situation where employees need to use personal mobile devices for email and other tasks. If employees do not have a laptop, and are using a phone or tablet to access email, there are mobile device management tools available to help secure the device and push email profiles and applications directly to it. 

Employees should also be encouraged to change their password regularly on the device they are using, but enforced password change and time out options can also be activated through the mobile device management tool. 

Back up to the cloud

Most companies now work with cloud tools. If you are not using a cloud-based file sharing solution, the good news is Microsoft is currently offering their Teams solution free. Also, in the last minute rush to work from home, many people may have downloaded company files directly to their laptops, but working off these files means they are not backed up in the cloud and are prone to ransomware attacks. 

Encourage employees to use your cloud solution remotely and deter them from using personal cloud storage solutions that are not secured by your company’s data protection protocols. 

Industry is being responsive to the impact of Covid-19 in so many ways, with restaurants offering delivery services and supermarkets adopting innovative ways to ensure people can socially distance in-store. Cybercriminals are adopting new ways too and businesses must ensure data, devices and any endpoint that an employee is using are fully protected. The team at Vodafone Ireland Business is on hand to offer guidance and support for any customers going remote. 

Niall Tuohy (pictured) is security product manager at Vodafone Ireland 

 

Sign up to The Business Plus Panel to help shape the business decisions of tomorrow and win vouchers for your opinions! 
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram