How to combat cyber criminals - Johnty Mongan

With remote working among Yorkshire businesses more commonplace as a result of the Covid-19 pandemic – a trend which is likely to continue after lockdown lifts – cyber criminals are seizing the opportunity to target employees who are isolated from colleagues, and exploit insecure remote connections and software – leaving businesses vulnerable to both financial and reputational damage, as well as disruption to their operations.

Notably, there has been a recent spike in cyber attacks targeting the uncertainty and fears surrounding the pandemic, which often try and trick victims into opening infected attachments and links, or to enter their credentials via email.

The National Cyber Security Centre’s (NCSC) Suspicious Email Reporting Service received over a million reports of scam emails since the start of lockdown.

Hide Ad
Hide Ad

The emails can be very deceptive, and may appear to be sent from a trusted source, often asking recipients to open a link to a new company policy related to the Covid-19 pandemic.

Cyber attacks are often caused by human errors.Cyber attacks are often caused by human errors.
Cyber attacks are often caused by human errors.

With a growing number of attacks targeting home network infrastructure, and cyber criminals exploiting existing vulnerabilities to install malicious software on users’ systems, businesses should audit and secure their remote working systems and tools, ensuring all company devices are equipped with essential security capabilities.

To allow remote users to securely access an organisation’s IT systems, such as emails and shared drives, a virtual private network (VPN) gives employees online privacy and anonymity by creating a private network from a public internet connection – masking their internet protocol (IP) address so their online actions are virtually untraceable.

To minimise the risk of cyber attacks via log-in procedures, particularly if they are password-only, companies can implement Multi-Factor Authentication (MFA), an entry mechanism that supplements a log-in password with an additional layer of security, such as a one-time code – minimising the ability of cyber criminals to make use of stolen or compromised passwords.

Hide Ad
Hide Ad

To prevent cyber attackers from gaining access to employees’ computers through vulnerabilities in older and outdated systems, businesses should ensure remote access systems, as well as any antivirus software, are the most up-to-date version.

With cyber attacks often originating from human errors, such as an employee opening a phishing email, it’s more important than ever for businesses to provide staff with the right resources to reduce their exposure to potential cyber incidents.

Creating a remote working policy enables colleagues to manage the risks involved with working outside the office environment, including guidance on storing devices securely and creating and maintaining strong passwords. The policy should also provide guidance on how to spot unusual or potentially malicious email activity, and clear, easy-to-follow steps to report cyber incidents.

There isn’t a one-size-fits-all approach to cyber risk management, and the role of a specialist cyber insurance broker can be invaluable – helping organisations to identify, mitigate and respond to any risk of financial loss, disruption or regulatory exposure.

Hide Ad
Hide Ad

During the age of remote working, companies must ensure they have a full toolkit of security initiatives to support staff in the remote working environment – including having comprehensive insurance in place, ensuring their malware protection is up-to-date, and implementing user awareness training.

Johnty Mongan - Cyber security analyst – Gallagher