The mass migration to remote working caused by the coronavirus outbreak has advantages but also creates cyber security risks for startups. Cyber criminals are seeking to capitalise on hastily arranged systems. Here are some challenges employers and employees need to be aware of.
Phishing on the rise
European Union cybersecurity agency ENISA has reported an increase in phishing attacks since the Covid-19 pandemic started. To protect yourself, be suspicious of any email asking you to check or renew your credentials, even if it seems to come from a trusted source. Try to verify the authenticity of the request through other means, and do not click on suspicious links or open any suspicious attachments. Phishing messages try to create an impression of urgency in order to panic you into clicking on a link. Also, be wary of emails that come from people you know but ask for unusual things.
Businesses should review their corporate incident management plans. Mobile working attracts significant risks and security incidents will occur even when users follow the security procedures. The incident management plans should be sufficiently flexible to deal with the range of security incidents that could occur, including the loss or compromise of a device. Ideally, technical processes should be in place to remotely disable a device that has been lost or at least deny it access to the corporate network, advises the UK’s National Cyber Security Centre.
Where possible, provide corporate devices to staff who are working remotely and ensure that they have up-to-date security software and security patch levels. It is good practice to have a replacement scheme for failing devices. Due to the sudden move to remote working brought on by the Covid-19 outbreak, some individuals will have to work on personal laptops or mobile devices, and these devices must be vetted from a security standpoint first.
If your company has a VPN it should be used wherever possible. Ensure that the corporate VPN solution scales and is able to sustain a large number of simultaneous connections. In addition, all corporate business applications must be accessible only via encrypted communication channels, such as a VPN. VPN use should be subject to two-factor authentication.
If you have the means, ensure that adequate IT resources are in place to support staff in case of technical issues while working remotely; provide relevant information such as contact points to staff.
Some basic cybersecurity pitfalls always apply and need to be addressed, such as poor password practices. Also make sure your anti-virus software is up to date, back up regularly and secure your home router with a password.
A team effort
If you’re a startup or a small business there is a good chance you don’t have a large IT team or IT consultants to lean on at the moment. You need to make sure that cybersecurity is everyone’s job. Create a policy based on widely available government advice, make sure everyone follows it and use the expertise of your team.