11 June 2021
As remote working continues, will your IT infrastructures come under attack ?
The flexibility of remote working during the pandemic has certainly helped businesses survive in these uncertain times. IT has provided a seamless approach to the transition between home and the workplace. However, the threat of cyber attack is omnipresent.
With this in mind, you may find the list below useful. It outlines some best practice IT measures to help keep your technology secure.
You should also read your insurance policy to ensure that cyber insurance is covered. If you’re unsure, or require this insurance, we can help.
The message for your staff:
· Passwords do matter: Strengthen the passwords you use. Particularly those to log on to email or work applications. They should be at least 12 characters long, including a mix of numbers, symbols and upper and lower-case letters.
· Be alert to phishing: If you receive an email with an unusual request, check the sender’s details carefully. If you are still unsure, don’t respond in any way. Do not click on unknown or suspicious links.
· Secure your device: If you use a company laptop for personal items, this can create a security risk. The risk is even greater if you use your personal computer for work. If you do, take advice about uploading a strong anti-virus and security package.
· Check the safety of your wi-fi: Unsecured wi-fi networks are easy for cyber criminals to crack. Protect your home network with a strong password. If possible, use a VPN (Virtual Private Network) connection, which encrypts data travelling between your computer and the company network. Do not connect to unsecured public networks – particularly in hotels and coffee bars.
What you, as an organisation, need to do:
· Trust no-one: Set up your remote access system on the principle that everything must be verified. Use multi-factor authentication (password plus). Encrypt links using VPN or, better still, SDP (software-defined perimeter) which enables one-to-one authenticated connections between the user and the resource they are accessing.
· Classify your data: Identify, label and lock-in your sensitive data, ensuring that only appropriately authorised staff can access it.
· Group your staff: Be clear who has access to what information. Ensure that levels of access correlate with levels of data sensitivity, and can be authenticated.
· Check every endpoint: Be certain you can identify the non-office devices you allow onto the system and that they have the right level of security. Devise an action plan to handle any cyber threats from data leakage to attacks from devices on the system.
· Stress-test your system: Ensure it can handle the volume of traffic as your staff increasingly work from home.
James Groves, Cert CII, Commercial Division comments:
“These practical security principles will help companies protect their data and networks against hackers at both ends of the connection. A robust cyber insurance policy can give your business further peace of mind. Centor also offers an e-learning platform, designed to develop your employees’ understanding of cyber risk and equipping them with the knowledge to spot these threats and avoid them.”
James Grove, Cert CII
Assistant Manager, Commercial
020 7 330 8707