Mark Brown, Founder of Psybersafe, explores the dangers of hacking when working from home and offers some advice on how to keep your business safe
Over the last year and a half more businesses than ever have had to adapt to working from home. This is likely to continue to a certain extent as life starts to return to normal but it can increase the risk of your business being hacked. With cyberattacks an increasing risk for organisations of all sizes, Mark Brown, founder of Psybersafe says that businesses should be paying more attention to training their people to spot and avoid potential scams.
Around 90% of successful cyberattacks are down to human error. The pandemic hasn’t helped: hackers are quick to spot a new gap in the market, so it’s unsurprising that Covid-related phishing attacks rose by 600%. In fact, in April 2020 at the beginning of the pandemic, Google intercepted 18 million emails per day trying to scam people on this basis. Graeme Biggar, Director General of the National Economic Crime Centre recently warned businesses to be aware that criminals were exploiting the COVID-19 pandemic to scam people in a variety of ways and that this was only likely to increase.
There are challenges posed by remote working. Our home wifi is likely to be less secure than the office, and we don’t get any of the psychological signals that make us think more carefully about what we do and how we do it – things like using security passes to get into the office, for example.
Hackers know that we are likely to be more relaxed at home. And that makes remote workers an easy target.
What can employers do?
If you are planning to make home or remote working a permanent part of your workforce plan, you need to make sure that employees are taking cybersecurity safely – wherever they are. Here, we share our top things to think about:
-
Remind employees about their data-handling responsibilities
With stories in the press about personal email use, and leaving print-out data in public places, it’s worth remembering that it’s your business that will be fined if private data is lost or stolen due to employee error. Make sure your staff are only using company email addresses for company business. And avoid printing out data when away from the office.
-
Make sure wifi networks are secure
Make sure that home networks are set up with WPA2, a network security technology commonly used on all wifi hardware since 2006, which encrypts data as it is transmitted.
We would also recommend changing the default router password to a password that is at least 15 characters and includes letters and special characters like *&^%$.
-
Provide secure hardware
Hackers are looking for people who are using their own devices – they are an easier target and that means more opportunity. If you can, make sure all your employees are using business devices. You can then control the security and protection of those devices, reducing the opportunity for hackers.
-
Keep cybersecurity front of mind
Make sure you have regular communication with your team about cybersecurity. Have a message that pops up every time someone logs into your system, for example. Use communications to reinforce the message – everything from daily team meetings to weekly all-business emails. Make sure people get into the habit of checking everything and assuming nothing.
Hacking is here to stay
Hackers make lots of money from their scams and that means that they are unlikely to stop any time soon. It is therefore up to your organisation to make sure that you give your people the correct training and environment they need to recognise the signs of a scam and have the tools and behaviours that can protect their data and the data in your organisation.
At the top of this article, we said that 90% of successful cyberattacks are the result of human error. Now is the time to make sure your people are trained to be aware of the risks, know how to mitigate them and engage in the positive behaviours that protect your organisation in the long term.