Teleworking securely: how to protect yourself from cybercrime
Secure teleworking depends entirely on effective prevention. Security tools? Fine. But also raise your employees’’ awareness: people are the weakest link in cybersecurity every time. A few quick wins to protect you against online attacks? We're happy to share them. Stay safe
Are your employees working at home now, using their own device or a company laptop with old software? Are they not using a Virtual Private Network connection (VPN) for communication? In that case, you may be opening the door of your company network to hackers.
A first quick win to protect your business data from theft or ransomware? Update your software and operating system and ask your employees to do the same.
Make sure that everyone collaborates and downloads your business data via your secure VPN solution. The VPN ensures that your employees get secure (encrypted) and anonymous (redirected) access to your network and therefore makes the internet connection more secure.
In the longer term, you may consider a secure private network in the Cloud. At Destiny, we always work and communicate via our VPN connection. A firewall in the Cloud protects our entire network and therefore all our colleagues and their devices - wherever we are. We manage that security centrally and simply add individual users and their devices.
Your email is a vulnerable medium. Cybercriminals are now gratefully exploiting the lockdown to send spoof, malware and phishing emails - on the subject of coronavirus. They fake the login pages of file sharing services because they know that users trust Dropbox, OneDrive, SharePoint, WeTransfer and Sharefile. So be careful of emails that ask you to log in to OneDrive and read the new coronavirus procedures there. It may be a phishing email that takes you to a fake page to steal your login details.
The solution? In the same way as you now wash your hands after you've been out, follow some simple hygiene rules - before opening a link or file in an email.
- Never log in from an email. Ask your employees to log in to the company network via the environment itself, or on file share services like OneDrive on Office 365. Never via an emailed link. Ask them to call the sender first if they’re in any doubt.
- Don't announce anything by email. Are IT updates on your agenda? Do you have new coronavirus rules? Don't send them by email. Say what your colleagues have to do in a conference call. And place manuals or procedures in a location where only they have secure access.
- Be careful what you mail. An email is like a postcard: cybercriminals can hack the messages more easily than an operating system, and/or read the content. So never send customer lists, login details or other business-sensitive information by email.
- Always ask. Is your CEO asking you by email to make a payment? Just check with him before sending the money. Cybercriminals can steal your manager’s or colleague’s email address and send you - under his name - a spoof email with false links, attachments or instructions.
- Check the email address and the domain name. Always check the email address of (apparently) trustworthy suppliers carefully. Especially if they ask you to log in to their site. In a fake email, the domain name is slightly altered, for example from B-Post to Be-Post.
How do we flatten this criminal curve? We put all incoming mails into quarantine. Our sandboxing and phishing detection tools examine the link or attached files in seconds in a secure Destiny environment. And only then send the email on to the recipient.
Your colleagues are alert and dealing with this kind of cyber risk correctly? Draw up a clear digital security policy that everyone follows - regardless of the situation. What information can you send by email? What can you download? What apps can you use? But also: what procedures do you follow for payments, how do you log in to the company network, and who has access to what? Share these security procedures with everyone in the company and keep them present in people's minds with regular reminders.
The pressures of the day may make even the most alert employees unmindful of security procedures occasionally. And some points are more difficult to enforce than others. At Destiny, we are only too well aware of that. We therefore give high priority on an awareness programme. Through positive actions. But also using security audits. For example, our IT colleagues try to ‘lure us into traps’ unsuspectingly. They send us clever phishing emails or simulate spoofing attacks which they monitor and analyse. We share and discuss the results with everyone. Non-judgementally: the aim is to keep everyone alert and make colleagues internalise the digital hygiene reflex.
With our audits, we plug gaps in our security faster and learn from our mistakes. We encourage our colleagues to report suspicious emails immediately. Has somebody clicked on a false link? He or she then contacts the security manager as soon as possible and informs everyone in their address book. That’s how we make sure a virus is stopped from spreading quickly.
You’ve got questions about the preventive measures you can take to protect your colleagues and business data? We’ve developed a quick check for safer email traffic. It will show you immediately where gaps remain and what action you should take straight away.
Or just give us a call: we’ll keep it safe together #stayingsafeathome.