Maintaining good cyber hygiene
With more of us working from home in the coronavirus crisis, there is evidence of increasing attacks by cyber criminals who are exploiting those unaware of the risks, according to Tony Cleal, director of Guernsey’s Black Arrow Cyber Consulting
BUSINESSES are making significant changes in response to the virus, including asking employees to work from home for the first time. These new practices have often been implemented as quickly as possible, with a priority on keeping the business operations going.
At the same time, the cyber and information security consultants at Black Arrow are seeing reports from specialist intelligence and the wider media which show cyber criminals are feasting on the current chaos as they target employees and companies who let their guard down.
‘Cyber criminals usually target people, not technology, to get into their employer’s systems. Companies need to ensure they consider all the basic risks to prevent this, and implement layers of defence that start with the user. As an analogy, the easiest way for a criminal to get into someone’s home is to convince the resident to let them in, for example by pretending to repair an emergency gas leak. It doesn’t matter how good the window locks are, or how sophisticated the burglar alarm is; all they need to do is knock on the front door and be convincing. Thousands of coronavirus scam and malware sites are being created on a daily basis, and we see cyber criminals taking advantage of the crisis to get access to the organisation’s money and information’.
That means companies and employees need to maintain good cyber hygiene when working from home, just as they do in the office. People behave differently at home, and are often less alert to information security risks than in the office.
‘We have seen Guernsey employees posting pictures on Facebook to show their new desk at home, but these pictures risk showing confidential documents on the table and screen. This is further evidence that cyber security is a business-wide risk that needs the aligned strength of people and culture, as well as business operations and technology’.
Some smaller businesses consider cyber security to be more relevant for larger organisations.
‘Weakened defences will always be exploited, whether by biological viruses or malicious actors. 43% of cyber attacks hit smaller businesses, and a breach now on top of everything else would likely be catastrophic. Luckily, there are things you can do to protect yourself, even with limited resources; we can help ensure that the scarce money is spent wisely by addressing cyber security as a business-wide risk owned by the business leadership.’
Tony concluded: ‘Now more than ever, because of the disruption and changes to business practices, companies need to take appropriate steps to protect themselves against cyber-attacks. We are committed to helping improve cyber hygiene in Guernsey. This started when I used my experience in British Intelligence to lead the review of cyber security across the Bailiwick for the GFSC, which informed the forthcoming new standards. Now at Black Arrow we are reducing our prices during this crisis, to make cyber hygiene easier for all organisations; of course, charities and non-profits can continue to contact us for help free of charge.’