For us in the digital marketing business, adapting to working from home has been a lot easier than for other companies.
We tend to work from a laptop, so it doesn’t matter where we are.
I have an office, but I tend to work mostly from home, and when lockdown happened, the only difference was that I rushed to pick up my laser printer. Even then it was to print off the kids’ homework, I barely use that now, either.
But for many businesses, it was a rush to get laptops and plug them in and use them as you would at work, except now you are no longer within the security of your company network.
This has gone unnoticed by thousands, probably millions of people, but in many cases the security afforded to workers when within a company building can be lacking when those same users log in from home.
And the bad guys are already exploiting it.
Way back in March, security firms were telling us that phishing scams had already increased by over 600%.
If you don’t know, a phishing email is when you receive an email that looks genuine but instead takes you to a link where your details, be it personal, financial or otherwise, are stolen from you.
They’re often very sophisticated, and people are quickly taken in by them.
For example, they might look like a link from your bank that says “Your security details have been compromised, please click here to reset your password.”
Because it looks real, you head on over to the site, which itself will look extremely convincing and you hand over all your details.
Covid-19 makes it even more terrifying because they play on a fear that is very real and present, and so people are even more likely to fall for them.
Many of them try to get you to download a file that can then take over your computer, encrypt your data and then extort money out of you.
An example of an email like this is here:
At home, you’re on your own
Many companies are wise to this, and so they have in place very secure networks that can detect when something is awry.
Your email server will have the latest anti-virus, anti-malware and anti-phishing software built-in so it will already be looking for emails that aren’t right.
If the email gets through that and you click on the link, your PCs protection will likely kick in and you’ll be safe.
But even if that fails to stop it, your network protection will likely kill it in its tracks.
Many companies have “white lists” of websites that you’re allowed to access, and if it ain’t on the list, you ain’t getting in.
But at home, you might not have such protections.
If you’re lucky, you will gain access via a VPN or “virtual private network”. This is a network layer that sits on top of your Internet connection and connects you to the outside work via your company’s internal network.
However, many companies weren’t geared up for the number of users that would be logging in remotely, and their networks couldn’t cope.
I’m sure you’ve been there. You load up Microsoft Teams, you join the meeting and all you see is a blank screen.
To get around this, a lot of IT departments may have released you from the shackles of their security and allowed you to use your Internet unhindered, essentially giving you free rein in the web and all the bad stuff that goes along with it.
Unfortunately, this not only leaves your computer open to vulnerabilities, but it could also potentially be a big security hole for your company.
Protecting yourself and your company
As we adjust to life after Covid-19, we need to take security even more seriously than we did before, and that means taking precautions above and beyond simple anti-virus software.
The workforce needs to understand the security risks and how to spot a potential phishing scam or any type of email, web-based or even phone scam that might reveal sensitive information.
They should never get calls from work, HMRC or the bank that requires them to hand over any personal information.
If they’re at all suspicious, they should hang up the phone, leave the website or delete the email and then speak to the IT department straight away.
Virtual Private Networks should be the norm within your company as it’s the single point at which you can catch all the problems that may affect your users.
Make sure your anti-virus and mail protection software subscriptions are up to date to ensure they’re regularly updating, at least daily if not even more frequently. These things can travel fast.
Of course, your VPN then becomes your single point of failure, so have a back-up!
Ensure all anti-virus software is pushed out to users as soon as updates are available, and make sure you know exactly who isn’t running the latest version so you can track them down.
A single weakness is all it takes for sensitive company information to be lost.
Have a strict security policy and stick to it
If a user can’t use the network because of your security policy, then deal with it.
Do not let them slip outside the net and enforce policies on them that will ensure they can’t merely bypass your security so they can access the Internet freely.
Your company data is essential, look after it
HMRC will look very dimly upon companies who fail to look after their data and end up being late filing returns or paying their bills.
Likewise, the ICO will come after you if you’ve been lax with information gleaned from clients.
This is not a time to relax your systems to “get things done”, now is the time to work with your IT departments, work with your staff and ensure you are ready for the onslaught of new online scams that will inevitably appear.