3 minute read
Mobile work and cyber safety
Aon
Staying cyber safe while working remotely
It is a sad state of affairs when a global virus proves to be a nexus to computer viruses. However, one of the immutable laws of the universe is ringing true: “Out of disaster comes opportunity.” Unfortunately, in this case, the opportunity is being taken by cyber criminals ramping up their phishing efforts and taking advantage of the uncertain times.
As a small-business owner, while your priorities now may be your personal health and hygiene and the well-being of your employees, it may also be time to brush up on some digital hygiene habits to prepare your business for this newly emerging wave of threats.
Be on the alert for phishing emails and websites
Criminals are crafting emails and websites purporting to provide information on a vast range of important topics, such as health reports, travel advisory updates, flight cancellations and school closures, just to name a few. Some of these communications are skilfully crafted, making it difficult to identify them as a phishing email or website. Be on the lookout for emails or websites that ask you to click on suspicious links or request sensitive information such as log-in details, credit cards, passwords, passports, health details or addresses—and ensure you’re raising this awareness with your staff.
Testing your remote working capabilities should be part of a regular Business Continuity Plan. In the current environment, it is recommended that businesses ensure all staff understand the protocols when working remotely.
Testing your capabilities is an important step, as individuals may not be aware of all policies, procedures and protocols. It is essential that appropriate security functions have been implemented and are functioning correctly, such as Multi-Factor Authentication and Virtual Private Network (VPN).
Take this opportunity to ensure your employees genuinely understand the importance of protecting your business data—and understand their responsibilities when it comes to hard drives and file encryption in storage and in transit. Brief your staff members on home network best practices, including the use of non-default router and Internet of Things passwords.
WiFi may be your enemy
Unfortunately, public and personal WiFi networks may be compromised in certain circumstances. Delete WiFi credentials from your device as soon as you disconnect and enforce a strong password to your router (ensure it has been changed from the default password). Where possible, operate within a VPN.
Check your insurance
If you/your employees are now working remotely, there may be a heightened risk of cyber threats. Further, there may be more information-sharing between your business network and employees’ personal systems not previously anticipated.
If you have cyber insurance, it’s worth contacting your broker to confirm whether cyber attacks that occur while working remotely are covered, and clarify whether you have any additional obligations or need to disclose any of your policies, practices and procedures on remote working.
What you can do as a small business
Awareness and proactive action makes a difference. We have witnessed a variety of attacks where criminals attempt to exploit the current situation. These include among others:
• Coronavirus phishing scams preying on fear and confusion about the virus; • Phishing and scam websites themed around the pandemic; • Exploitation of leading corporate
VPNs with major vulnerabilities; • Ransomware attacks on hospitals in which scammers anticipate the urgent need to function will push administrators to pay ransom amounts. There are actions you can take to help combat cyber attacks.
1. Ensure work-from-home employees understand how to configure and connect to your VPN providers and avoid split-tunnelling; 2. Plan fallback measures for phone-based and off-net communications and work as many VPN providers may encounter scaling issues as large numbers of users join; 3. Ensure the computers and devices that work-from-home employees use are updated with the most current system and application versions; 4. Assess your cyber security resilience plans/incident response plans and ensure that cyber insurance limits are appropriate for any potential financial impact as the result of a cyber attack. About the author Aon is a leader in risk and insurance broking and arranges a range of insurance solutions for occupational therapists. As the preferred insurance broker to OTA, Aon is proud to provide cover for OTA members and its number of clients continues to grow. If you’d like to find out more about Aon or get a quote, please visit aon.com.au/ota, call 1800 805 191 or email au.ota@aon.com.
