As the number of COVID-19 cases escalates, so does the number of cyber attacks on remote workers, especially those in the small and medium business (SMB) sector.
“The bad guys know that large companies have all kinds of controls in place,” said Michael Ball, a virtual CISO and Cyber Security Consultant, at an ITWC webinar. “They’re going to attack the little guys in the hope that there’s a network connection back to a bigger one.”
With the quick transition to remote work, many businesses haven’t had a chance to extend security measures to cover offsite employees.
These threats are particularly harmful for small businesses, said Ball. “Sixty per cent of small companies that suffer a cyber attack are out of business within six months.”
“Businesses are already fragile right now,” said Jim Love, CIO of ITWC. “But if you think you’re too small for the attackers to bother, think again. Think when, not if.”
How to defend your business
Here is Ball’s advice on ten things that every business should do to protect itself against the rising tide of threats:
- Use corporate laptops for work only. “That stops a lot of access to unsafe sites on the corporate machine,” said Ball.
- Use a VPN with profiles to control which apps on the laptop can access which apps in the company. “In a pandemic situation, businesses are standing up VPN situations that are wide open so everything inside your machine has access to everything inside your corporation and you’ve circumvented all controls on the firewall,” said Ball. Remote workers should also use the VPN for their VOIP phones.
- Use two-factor authentication. “Don’t let anyone tell you that you don’t need two-factor authentication,” said Love.
- Back up cloud applications and laptops. Businesses should develop clear policies on who is responsible for backing up laptops and when, said Ball.
- Turn on endpoint protection against malware. When employees moved out of the office, they were no longer covered by onsite URL filtering. Any endpoint protection software that is continuously updated will do the job, said Love.
- Take steps to secure Wi-Fi. Change the password periodically. Ensure WPA2 encryption is turned on. Turn off SSID name broadcasting. “If people don’t know the name of the connection ID, there is nothing to attack,” said Ball.
- Protect conferencing. “There’s a new trend known as ‘Zoom-bombing’, where uninvited individuals join video conferences,” said Ball. To avoid this, set a password for the conference and mute everyone on entry. Make sure nothing confidential is shown on the desktop or is visible from your webcam.
- Do not click on any email link with COVID-19 in it. “There are a multitude of related scams,” said Love.
- Provide employee training. “All of this means nothing if your employees aren’t trained,” said Love. It’s been proven that frequent training cuts the number of security attacks.
- Be nice to tech support. “Our tech resources are stretched thin now and they’re fragile,” said Love.
Who has the time and money to do all that?
For small businesses, it’s not easy or affordable to take all of the necessary security precautions. “Three out of four small businesses don’t have the proper personnel to address IT security,” said Ball.
The solution is to subscribe to a virtual security team. A team of experts will handle the security side of things for you, including monitoring, preventative measures, a response plan and training, said Ball.
“Think of it like an alarm system for your house,” said Ball. “You put monitoring devices on your doors and windows and, if there’s a break-in, the alarm company will call the police. We offer the same thing for your corporate network.”