With phishing scams increasing in the wake of the coronavirus pandemic, one of the aims of this year’s Cyber Security Month is to raise awareness of “Cyber Scams” with the #ThinkB4UClick campaign. They are looking to share insights on current and potential cyber threats such as phishing, business email compromise and online shopping fraud, as well as highlighting personal data protection methods.
With many businesses currently working remotely, the potential for data breaches can often increase as IT operations become decentralised. However if you put in some basic IT security practices, you need not worry about your business operations being put at risk. Here are some precautions you can establish to help prevent your team from falling victim to online scams and data theft.
Use Secure Passwords and MFA
It can’t be stressed enough just how important it is to have strong passwords that are different for each service you use. On top of this, it is also strongly advised that you enable multi-factor authentication (MFA) where possible - meaning that users need more than just a password to access an account. This is often an access code sent to a phone number or authentication app. This may not be possible across every service, however for employees accessing company resources, this should be a default.
You may also wish to use password managers to keep track of all your passwords, removing the hassle of remembering long, complicated passwords. We discuss password managers here.
Set up a VPN
Virtual Private Networks (VPNs) allow remote workers to securely access an organisation's online resources, such as email, online storage and infrastructure. You can read more about VPNs here.
Update and manage devices
Ensure that every device registered to your organisation is updated with the latest security patches by pushing them out via a device management platform such as Microsoft Intune. You can also restrict the software or applications available to the device to prevent unsafe programs being run, and remotely lock any devices that are lost or stolen.
Use The Sender Policy Framework (SPF)
The Sender Policy Framework (SPF) is an email-authentication technique which is used to prevent spammers from sending messages on behalf of your domain. If configured correctly, SPF allows receiving email servers to identify if an email came from an authenticated location or, more importantly, if an email address has been spoofed and is coming from a malicious third party. This is a strong defence against phishing attacks, but is one we often find is overlooked.
Educate
Phishing scammers have been using email and text communications to trick unsuspecting people into giving up their data or access to private accounts. There are email filtering services and pieces of scanning software to help prevent your team from falling victim to scams, however one of the best defences is simply educating them against the dangers and being aware of the warning signs. We have put together some information on how to spot phishing scams here.
If you would like to know more about how we are helping organisations stay secure, or how we are enabling businesses to work remotely, please get in touch.
