By Alex Bransome, CISO at Doherty Associates


In response to the UK government advice to employers on COVID-19, and schools nationwide closing from Monday, the majority of the UK’s SME workforce are currently working from home, some for the first time. This makes them particularly vulnerable to cyberattacks, as hackers take advantage of employees working in isolation, without the support and counsel of colleagues and IT.

Several malicious COVID-19 campaigns have already been observed aimed at exploiting public fears. Tactics include impersonating health officials around the world with shock tactics and false claims, using phishing emails, text/SMS, and social media posts to spread malware and steal information.

Credential-stealing malware has also been implanted into a coronavirus map application targeting victims seeking information on the spread of COVID-19. Once a computer is infected, this malware steals credentials and payment card details from it.

The decentralised nature of homeworking also forces people to work in different ways. Some may start downloading data and information onto their machines and devices – many of which are personal – to enable them to work from home. This puts company data at further risk as home devices are less secure.

Safely transition employees and remain secure

The key is to provide the right guidance and the right secure access to facilitate working remotely.

To do this, conduct a cyber risk assessment to identify, analyse and evaluate risk, particularly around remote access as well as in other areas. As email is the primary method of communication, staff are more likely to be caught out by phishing and social engineering attacks.

Have a clear remote working policy outlining the procedures that must be adhered to when connecting and accessing corporate data remotely. This will help your employees understand how to apply best practice when communicating and sharing information, and help to avoid inadvertent data loss.

Also ensure that employees are extra cautious when it comes to malicious applications. Strongly emphasise security best practices around email, as this is the biggest threat. Instruct staff not to open unsolicited emails, click links or open attachments within those emails. Additionally, invest some time into a password manager to keep your credentials secure. Password managers help avoid password reuse, making it easier to have different, randomly generated passwords for each service used. This means if one password does get compromised, the others stay safe.

And, with so many third-party file sharing and email platforms available for personal use, employees, often while working on the fly, can potentially leave the business at risk by sending files to personal emails or cloud accounts. Education, and ensuring that protocol is followed at all times, are key to staying secure.

What other threats can we expect?

As well as targeting users via emails and instant messaging platforms, we are going to see attackers targeting online video communication platforms in their social engineering techniques as more remote working technology is used over the coming weeks. These are likely to include fake file sharing emails, meeting invitations and instant messaging communications containing malware and links to fake login pages.

How to ensure business continuity with minimal risk

The best defence against these common credential-stealing attacks is to have multi-factor authentication on any internet-accessible remote access system and website. The best second factors of authentication are something you have, such as a token-generating app on your mobile phone, or something tied to you, such as your fingerprint. Home workers should also have reputable anti-malware software installed if they’re using their personal device, and ensure their computer is up to date with the latest operating system updates. In some cases, it may be advisable for businesses to provide this software for their staff, as the risk of not having it is too great.

Finally, migrate data and workloads where possible to more secure cloud-based platforms. Modern cloud services have been built from the ground up using data protection and information security principles. An organisation’s cyber security position can be significantly enhanced by enabling some of the baseline security controls available in many cloud platforms and the holistic security they provide. This improves overall efficiency and accuracy in detecting and responding to incidents.

By working together, and exercising extra vigilance in what is an unprecedented time, SMEs and their workforces can continue to be proactive, maintain workflow and minimise the risk of malicious attacks.