I use this photo of the British actor Terry Thomas in my cyber security training sessions, asking “Would you buy a used car from this man? …… What if you couldn’t see him? What if he had sent you an email and sounded genuine?”. It never fails to get a laugh and a good reaction from the attendees.
Unfortunately, cyber criminals aren’t so kind as Terry (though they can be as charming). The criminals are more than happy to take advantage of the coronavirus pandemic, as can be seen from the phishing campaigns using links to health information and outbreak maps.
They will also scan the Internet looking for insecure remote access servers, and will continue to target staff in an attempt to gain access to email or get them to pay funds to the wrong bank account.
There are three areas you need to consider when expanding your organisation’s use of remote access:
People
Phishing attacks will continue, and new ones may target people working at home (“Click here to join videoconference” for example). You will need to make sure that your staff know how to spot and avoid these attacks, and know how to report them – given that they can’t just walk around the corner to the IT department. Keep them updated with alerts about the latest phishing campaigns, and if you feel they may need some extra training then our online course is ideal. Privacy and confidentiality is also a consideration – advise them to lock their screens if going away from their PC for a while.
Process
Staff who used to be working in the same office may now be spread across the city. This is like to reduce the ability to ask quick questions like “What should I do with this request to transfer money?”, “What do I do when a supplier changes their bank account?” or “Does this look genuine?”. Having clear policies and procedures that staff can refer to will be important to reduce the risk of fraud or other mistakes.
Technology
You need to make sure that any remote access solutions you are using are secure. For servers this means making sure they are fully patched and that the firewall is configured correctly. SaaS apps such as Office 365, Teams need to be configured so that you keep control of the data held by them and accessed by your staff on their home computers.
Two factor authentication (2FA) needs to be enabled on remote access servers and SaaS apps. Office 365 comes with basic 2FA built in, which is fine for remote workers and will protect them from email account compromise. Other SaaS apps such as Gmail and Gsuite also have 2FA built in. Remote access servers will need additional software – Duo is a good solution with free licensing for up to 10 users.
You’ll also need to think about the devices your staff will be using. If you have expanded email access to more mobiles, then advise staff to update their software versions and to install anti-virus on Android devices (AVG provide a free version which is actually good). The same advice applies if they are connecting in using a home PC – make sure patching and anti-virus are up to date.
Videoconferencing software is less of a security risk, but be mindful that some software allow users to transfer files, which don’t get checked for viruses the same way that emails do.
Summary
The major risks from a move to remote working can be reduced by following the above steps, and by good ongoing communication with staff. If this way of working continues, then there may be additional risk and security measures that need to be considered, but the ones above are enough to worry about at this time.
If you have any questions about the above, or would like a quick review of your remote access, then please get in touch.