Computer Security Technology Ltd

+44 (0)20 7621 7836

April 29, 2020

It’s a cybercriminal’s playground right now; the mere notion of businesses being forced to abandon their offices and work from home lights up the eyes of fraudsters everywhere.

Normal business processes are paused, IT departments across the country are working overtime to ensure their users have sufficient technology to work from home and, best of all, this results in the usual IT security practices becoming weakened. Cybercriminals are using this disturbance in our normal working lives for malicious gain, and the sudden change in working practices is increasing the risk of data loss.

The transition to remote working was rapid for the majority of businesses. This means that many IT departments didn’t get adequate time or resources to account for such a dramatic switch. Priorities are to keep users connected and able to work seamlessly throughout the lockdown, maintaining collaboration tools and, for many, sending thousands of laptops out to home workers across the country, all of which require configuring first to meet security and privacy guidelines. Cybercriminals will use any vulnerability they can to infiltrate company walls and exploit company data. CTOs, CISOs and DPOs throughout the UK will know this, but keeping on top of every single possible security ingress point can be a challenging task, not only during a pandemic but at any time.

Threats can materialise in many different forms, but the most common tend to be:

  1. Staff working from home are targeted with bogus phishing messages around Covid-19, which play on users’ emotions and use scare tactics to persuade them to unwittingly part with sensitive company information.
  2. Remote workstations with weakened security due to the sudden move of location, compromising the corporate LAN. These vulnerabilities are easy pickings for cybercriminals who are simply waiting for an opportunity to pounce.
  3. Insecure VPNs inadvertently leaking sensitive data from the network domain.
  4. Relaxation of Cloud application and email security controls, along with increased reliance on them, resulting in data breaches.

There are a number of measures businesses can take right now to build a solid defence around their existing security infrastructure during the pandemic. These practices will also provide a more robust framework when we move back into our offices, a situation which will present even more opportunities for cybercriminals to strike. But by following an essential security health-check, you can stay one step ahead of the bad guys whether your users are home or office based.

Vulnerability exposure

If you don’t know what your vulnerabilities might be, run a penetration test to determine where the cybercriminals might be able to gain access before they get there.

Adapting password policies

By tightening your password policies, you can protect the LAN and ensure your passwords are kept safe. Setting a new password requirement with a shorter expiration period, a limit on the number of attempts before an account lockout, the duration of the lockout, etc. will all help to keep the cybercriminals guessing.

Multi-factor authentication (MFA)

Always double and triple check who is accessing your systems to catch the cybercriminals out. Don’t allow a simple password to gain access to your VPN, LAN or Cloud. Reduce impersonation by asking extra security questions to confirm a user’s identity before authorising access.

Promote Productivity

What can you do to protect your internal systems from the increased threats that arise from remote working, without inhibiting business? CST is currently scheduling remote sessions with customers to discuss their concerns, provide practical advice, make suggestions, and answer any questions on how to maintain their bottom line as much as possible.

Safe and Secure Machines to Access Resources

Apply extra security features on the endpoints that are used to access company information to avoid any inadvertent leaks. Do not allow any unauthorised machines to access company systems.

What Does ‘Secure’ Actually Mean?

Would your users know what “secure” means, and are you on the same page when it comes to its definition?

To learn more about how you can secure your business from cyber threats throughout the Covid-19 pandemic and beyond, visit our page Cyber Security and Covid-19: How can CST Help? and contact us using the form.