SMEs should be prepared for potential cyber security risks as working from home increases
Across the globe, governments and public health bodies are increasingly advising employees to work from home in a bid to slow the spread of Coronavirus.
Those needing to self-isolate but that don’t feel unwell may also be working remotely. Although working from home has become more common in recent years, for many organisations it is brand new.
In these uncertain times, business owners have a lot to consider and are under considerable pressure to keep staff and customers safe whilst not suffering from business interruption. As they hurriedly try and put together business contingency plans, one crucial issue may slip down the priority list: cyber security.
This is especially true for SME businesses, which are already at high risk – 16% of UK SMEs have suffered an attack in the past twelve months, and yet a large majority of them are not insured against cyber threats.
Working remotely can increase those risks. Employees may be using personal devices that aren’t as protected with strong anti-virus software or firewalls. Malware could reach the devices and compromise the security of sensitive commercial data, such as financial information or customer data. Connecting to home wireless networks or unsecured public Wi-Fi networks also increases vulnerability to hackers.
In the past few days, we have also seen opportunistic scammers sending phishing emails that are designed to trick people into opening them because the emails look as if they contain important updates on the Coronavirus outbreak. There are a number of ways to make sure emails aren’t phishing attempts. Before clicking on a link in an email, double check the address to see if it looks genuine, and hover the mouse pointer over it to check the destination address matches the link in the email. Make sure you look at the email address too – not just the name you can see displayed. The email address should come from a domain that matches the sender’s supposed organisation (the domain is the bit in the email address after the @, for example @cpp.co.uk).
Spoof emails – where a cyber criminal pretends to be someone else in order to launch an attack or steal information – could be more likely to succeed, as people are no longer physically in the same building as colleagues. This can be more difficult to track than phishing emails, because spoofs look as if they come from an email address you recognise. Looking at the email header – where you can find more detailed information on the email – can help to discover clues of spoofing. For example, the “return path” section will display the email address that any reply would be sent to. If the email is genuine, it should match the sender from the original email. If in doubt though, just give the person a ring to double check!
There are a number of easy ways to quickly improve your cyber security if you’re now working from home. Firewalls are essential to defend against threats – check that they are enabled on the devices and routers that have a built-in firewall, and install a third-party firewall on the others. Installing anti-virus software will help to detect and block or remove any malware that gets through the firewall. Software updates are incredibly important; out of date software is at a higher risk because updates often include security patches. Setting updates to run automatically will mean your software is always running the latest version.
Many people don’t change the password on their Wi-Fi router from when it is first installed – this leaves home networks vulnerable. Log in to your router control panel to change the password, check for updates, and make sure that the level of encryption is set to WPA2 or WPA3 help secure your home network. It is also recommended to back up your data, which ensures data is not completely lost if a malware incident occurs.
We know that 2020 is already turning out to be a challenging time for SME businesses, which is why we are keen to help insurance brokers and SMEs understand the increased risks so that they can take steps to prevent cyber security issues. This will help them protect against consequences of cyber crime, including further business interruption, loss of customers and revenue, and reputational damage, whilst protecting their employees and customers with remote working.