Currently, many businesses continue to work remotely with one in three UK workers currently based exclusively at home. It is a trend expected to continue this year with hybrid working expected to become the norm. With the changing world of work, cybercriminals will continue to exploit human error and target vulnerabilities in systems – no matter where your employees work from.
Red Flags to Look Out For
Cybercriminals use sophisticated tricks and techniques to target and illegally access businesses' confidential data. Be it phishing, ransomware or social engineering. To beat cybercriminals and ensure cyber safety and information security in the hybrid workplace, let's look at some of the common red flags of modern social engineering and cyber attacks:
- Suspicious links or downloads: Avoid clicking on links in emails that you receive from people you don't know. Take the time to inspect the sender information and whether the email source is genuine. If in doubt, always best to not click or download.
- Signs of urgency: Many attacks are designed to force the user into taking action promptly. For instance, it could be an email on an outstanding invoice yet to be paid or taking action on an external account to prevent disruption to service.
- Requesting sensitive information: Such as bank details or national insurance number for tax purposes. Any legitimate organisation will always call you directly if they gather sensitive information.
- Posing as public or government bodies: Many individuals and businesses report being contacted by public or government bodies. Such as tax refunds from the HMRC, email attachments from the World Health Organisation (WHO) and even bitcoin donations to help fight the coronavirus. These are scare tactics aimed at giving up work or personal email details.
Reducing the Risks
We are strong believers in prevention is better than cure. The best way to reduce the risks of cyberattacks is to invest time and resource in keeping your systems secure and ensuring that your employees are aware of the cyber threats facing your business. The level of threat remains the same irrespective of whether they work from the home or from the office. But in a hybrid working set up, the chances of human error can go up as seen during the COVID19 pandemic. It's vital for businesses to recognise the risks and take proactive measures to keep their business prepared as they move to a hybrid working model.
Keeping Systems Secure
Most cyber-attacks aim to target organisations with outdated computers and systems which haven't had the critical security updates or patches installed in a long time. With a lack of security, hackers can easily gain access to business networks and systems. They may also use ransomware to resort to blackmail to hand-back control of systems and databases.
Keeping systems up to date, especially when working remotely, is the first line of defence against cyber-attacks. Make sure you have invested in a reliable IT team and systems which can protect your devices and networks from viruses and hackers. Antivirus software is a cybersecurity cornerstone that can protect against various malware by providing security features such as firewall, spam filters, real-time scanning and security reports, among other things.
Implementing a Cybersecurity Policy
An efficient, company-wide cybersecurity policy can help organisations outline the best practice for their employees to follow while hybrid working and ensure they are taking the necessary steps to keep business information secure. A comprehensive cybersecurity policy is essential for driving the message from the top and raising awareness amongst your employees. Make sure the cybersecurity policy covers:
- The importance of cybersecurity
- Recognising cyber threats such as phishing and ransomware
- Installing security updates and patches
- Keeping computers and devices secure when not in use
- Effective password management
- Using email and the Internet securely
Investing in Awareness Training
Many experts recognise cybersecurity awareness training as a key priority in a hybrid working world. Many cyberattacks are often attributed to employees inadvertently creating an entry-point to the systems that cybercriminals could take advantage of. It all comes down to a lack of awareness which can put your employees at risk of making errors in judgement, resulting in information security breaches, company downtime, or financial loss. Educating staff reduces the likelihood of successful cyber and social engineering attacks. Make sure your awareness training program is capable of rolling out effective learning interventions over a number of years – after all learner engagement and knowledge retention are the key ingredients in ensuring effective awareness training and return on investment.
As specialists in awareness training, we can support your business with our online training solutions for cybersecurity and information security. Visit our Information Security collection page to find out more.