Today marks National IT Professionals Day which acknowledges the incredible work of all IT professionals in the UK and here in Wales. In recent times, thanks to COVID, businesses have embraced and adapted more fluid ways of working such as allowing employees the opportunity to work from home on a more regular basis. And, thanks to these very able individuals, technology has progressed enough to underpin these significant changes to our way of working.
Yet the challenge for businesses is they have had to relax many of their policies and procedures to allow for more flexible working and so potentially becoming more susceptible to a cyber-attack.
Vulnerabilities organisations most likely face from remote working include:
1. Phishing attacks
2. Weak passwords
3. Unencrypted file sharing
4. Unsecured home wi-fi
5. Working from personal devices
The National Cyber Security Centre offers guidance on how to prepare your employees when remote working. It’s now more critical than ever for businesses to factor cyber resilience into their IT resource and focussing on the increased threats that now exists.
So, we asked one of our own IT professionals and Cyber Essentials Partner – Tony Daly, MD of Seiber – for six top tips to improve your security posture and security awareness.
1. Password Strength
Weak passwords can be cracked in seconds. The longer and more unusual it is, the harder it is for a cybercriminal to crack. The use of password managers (discussed below) can help with this as many of them have password generators built in.
2. Password Managers
Think of all the accounts that you may have. Do you have difficulty remembering the different passwords and ensuring they meet the required password complexity standards? If so, then consider the use of a password manager as it can store all your passwords securely, so you don’t have to worry about remembering them.
3. Consider your digital footprint
LinkedIn is a goldmine for professional information as one example. Images, comments, likes, tags, and many other features all give away an insight into your life and of those around you both personally and professionally. There are thousands of social media and lifestyle platforms which if not used with consideration will present your personal and professional information to anyone who wishes to see it.
4. Multi-factor Authentication (MFA)
MFA, also known as two-factor authentication, is one of the most effective ways to protect your online accounts from cybercriminals. Even if you’ve always secured your passwords, they can be stolen through no fault of your own when an organisation suffers a data breach. Once you’ve enabled it, you’re instantly much safer online because of this easy to implement method.
5. Virtual Private Networks (VPNs)
Public Wi-Fi should be avoided where possible as there’s no guarantees regarding its security and whether what you are about to connect your device to is in fact the legitimate Wi-Fi for that location. The use of a virtual private network (VPN) can help mitigate the threat from this. It is an encrypted connection over the internet from a device to a network and helps ensure that sensitive data is safely transmitted.
6. Install the latest software and app updates
You should apply updates to your apps and your device's software as soon as they are available.
They include protection from viruses and other kinds of malware, and will often include
improvements and new features. If you receive a prompt to update your device (or apps), don’t ignore it. Applying these updates is one of the most important (and quickest) things you can do to keep yourself safe online.
The WCRC offers a number of services designed to help organisations assess, build and manage their internal cyber resilience processes and mitigate any potential damage a cyberattack may create. It also provides affordable services which focus on remote and web vulnerability assessments that identify weaknesses and how these can be fixed.
For more information you can contact the centre and a member of the team will be in touch.