Cyber safety and COVID-19
The COVID-19 pandemic has resulted in heightened concerns throughout society, not just around public health and the economy, but in particular, cybersecurity. As more people begin to work from home then ever before, there is the potential for a security breach to occur as we change software and our online networks. We’ve collated some of our advice in some areas we think are the most vulnerable when we leave the confines of our offices and set up our workspaces at home.
Not all organisations have the resources to be able to take their equipment home, so some employees are using their own equipment to facilitate their work. This opens an organisation up to unprecedented attacks, as an organisation can’t monitor their employees’ personal device security as closely as they can with the company-issued property.
This is very dangerous territory to be in, as information can end up in the wrong hands - either on purpose through cyberespionage or by accident in the event that the employee’s personal computer is hacked.
The solutions for this are unfortunately not that clear and vary case to case. If an employee’s company-issued equipment can’t be transported home, it’s worth investing in a portable solution such as a laptop, a viable option as laptop capabilities continue to go from strength to strength as the technology evolves. Depending on the length of time an employee may have to stay home, the organisation could also conduct remote IT audits of personal computers - we do ours by using TeamViewer.
We also strongly encourage our clients and employees to keep their computers - both personal and company-issued - up to date and have anti-virus software.
Passwords are the secret keys that get you into your own personal kingdom of social media, online gaming, work servers and intranets, your banking information and more. We all have so many accounts that we use across a multitude of devices, it can be difficult to rely on your memory alone to remember login information. As a result, it’s very common that people rotate between a select few easy to remember phrases. We’ve all been guilty of this - using our birthdays, pet names and street addresses - even the word ‘password’ (!!) - to protect our most important personal information. Unfortunately, this is not the safest option as 2 out of 5 people have had their accounts hacked, password stolen, or personal information compromised in some way - partly due to duplicate and old password use!
We strongly recommend choosing unique passphrases to use for your passwords for every single account you have. This is because they can be easy to remember, but you can make them less personal and hard to guess - for example, ‘quail snipping cane trustful’. This passphrase works well as the items aren’t related at all, but can still be easily remembered. In fact, a passphrase password of four or more randomly chosen words can take 6,000,126 centuries to crack (give or take)!
You can also investigate if your go-to password has been exposed with ‘Have I Been Pwned’ which has created a database of over 555,278,657 (and counting) passwords that have been exposed in data breaches.
It’s also super important to enable two-factor authentication (2FA) on all of your accounts (where possible). This helps the security of your account as it means you cannot log in to your account without entering a one-time verification code sent to you by text, phone call or by a third party app. This extra barrier can help keep unwanted users from accessing your personal information - even if they guessed your password.
If you’re working from home, you might be working from a different computer, or be away from the backup hard drive that backs up your computer on a regular basis without you having to think about it. Backups are very important, as they are your first point of call in the event of a hardware failure, and can help you get back up and running quickly on a different computer.
The data we recommend you do back up will vary depending on your business, but we commonly see clients back up their:
Employee information - especially as the ATO has storage requirements that need to be followed.
To reduce the risk of relying on a physical backup alone, we recommend using cloud services such as DropBox, OneDrive or Google Drive if you aren’t already. These services are great as they back everything up instantly and without you having to think about it (as long as you’re connected to the internet of course). This also makes it easier to log on wherever, whenever to access your company's information - even if your computer dies or something goes horribly wrong.
While there is currently a visible build-up of threats around work and wellbeing with this looming global pandemic, there are easy steps you can take to address at least your security online while your team all works remotely. We want to encourage you to take some power back and step up your remote working game. Start by making some small changes to your online security and safety to help protect you against the invisible world of online cyber-attacks.