Throughout the COVID-19 pandemic, countless stories have featured in the press about UK businesses who had fallen victim to cyber-attacks.
With home working on the rise (and likely here to stay), many organisations have enhanced the digital solutions utilised to manage daily business remotely. With the use of cloud-based applications, personal devices and collaboration tools increasing, cybersecurity is now all the more important for you and your employees.
In this article, we aim to provide you with our five top tips to better manage cybersecurity amongst multi-location teams.
Develop a risk treatment plan and continue to review it.
As businesses and their environments change, so do their risk profiles. It’s important to continuously review your risks and refine actions in light of changes to your organisation. For some companies, remote working might be entirely new, if this is the case, you must reflect on recent incidents and highlight any new hazards that you may not have previously considered.
Now might be the time to invest in implementing ISO27001, the internationally recognised standard for the management of information security. As the standard is risk-based and requires the development of a risk treatment plan, businesses can take a broad, commercially focused view on what they need to do to manage cybersecurity.
Once you’ve identified any potential threats, it’s important to prioritise as you cannot eliminate them all at once. Developing a prioritised roadmap allows you to reduce the biggest security dangers immediately and helps make risk reduction commercially feasible.
Provide employees with training to avoid phishing scams.
Many cybercriminals took advantage of the COVID-19 pandemic by sending phishing emails intended to lure users to click on malicious links or download files and allowing hackers to steal sensitive data or even take control of a user’s device. Action Fraud estimated that Britons lost around £3.5 million during March and April 2020 due to cyber fraud.
Furthermore, when furloughed employees begin to return to work, many will face an enormous backlog of emails. Rather than carefully sieving through hundreds of emails, employees are likely to rush through their emails to clear out their inboxes. This means that they are more prone to accidentally click on malicious links and give away confidential information.
You must educate and communicate clearly with your employees to ensure they are aware of the dangers of phishing messages and what actions to take if they receive any suspicious emails.
Utilise multi-factor authentication across the board.
Multi-factor authentication (MFA) is a great way to reduce cybersecurity risk as it provides additional protection, making it less likely for hackers to gain access to critical systems.
Two-step verification has become a standard for most leading software services, including Microsoft and Google. Once you input your password, you may have to answer a question using your personal, memorable information or sometimes you might be sent a verification code to your preferred contact number that's programmed into the software. Microsoft has reported that 99% of those who have their account hacked do not have two-step verification in place.
MFA is a quick, simple way to improve cybersecurity and reduce risk, yet according to statistics, just 10% of Google users take advantage of this security function. To support our customers deploy effective MFA procedures which do not hinder user productivity, Central offers a range of products that can be simply implemented.
Use encrypted video conferencing at all times.
Throughout the lockdown, there have been many stories about hackers targeting video conferences to gain access to sensitive information. You must choose a video conferencing software that is encrypted to help protect against this.
MS Teams incorporates built-in security features, as well as customisation options that allow its users to set their own protocols. It includes various authentication procedures to make it harder for unauthorised users to gain access such as organisation-wide, two-factor authentication or a single sign-on through Active Directory. This provides its users with the confidence that their conversations are private and secure.
Put effective monitoring and management of cyber security processes in place.
Investing in cutting-edge technology is only part of the solution to managing cybersecurity. Companies also need to make sure they can continuously monitor and manage systems in a controlled environment. This preventative measure allows organisations to ensure that their IT systems are working correctly and that they are able to proactively identify any potential issues.