In the last couple of years, how we work has changed immensely. We now want to work in a more hybrid way or work from home more often. Virtual working is in high demand, which means data protection and privacy need to be a high priority.
There are some things that organisations need to implement for the safety of the business and their clients.
Working from Home
As working from home becomes increasingly common, it is essential to ensure that proper data protection measures are in place. Team members must take steps to secure confidential and sensitive information. This will include using secure networks and passwords, encrypting data, and limiting access to work devices. That means work devices should only be used for work purposes by the appropriate person. A work-issued machine should not be shared with others in the house.
Businesses should also provide clear policies on data protection and train their employees on best practices. Regularly backing up data and conducting security audits can also help mitigate data breach risks while working remotely.
Shared workspaces
Over recent years, co-working offices have become an increasingly popular way of working virtually. They offer individuals and small businesses the opportunity to work from a shared workspace. However, with this trend comes unique challenges related to data protection. Co-working spaces often involve using common areas and facilities, such as shared printers and wifi networks. This can potentially expose sensitive information to unauthorised parties.
This may account for the results of a survey by Veritas Technologies which stated that 74% of companies experienced data breaches at co-working spaces.
We are not saying co-working spaces are unsafe and should not be used. They are a great place to work. But, it is essential when working in a co-working space to implement additional data protection measures, such as encrypted networks. The easiest way to do this is to use a VPN on your device.
In fact, I would use a VPN whenever you connect to an external wifi source, to protect your data and access from others.
In addition, users of co-working spaces need to be conscious of what they are working on and what can be seen by others. You are in a public area, and someone could look at your screen over your shoulder.
Additionally, co-working space users need to be diligent in protecting their data, such as using strong passwords and avoiding public wifi networks. With proper measures, co-working spaces can protect their users’ data.
Bring your own device
In today’s digital age, Bring Your Own Device (BYOD) policies are becoming increasingly common in workplaces, which can pose a challenge to data protection.
As team members use their personal devices, it is not easy to ensure that sensitive information is not compromised. To address this issue, organisations can implement security measures such as encryption, multi-factor authentication, and remote wiping capabilities to protect data on personal devices. It is also important for team members to receive training on data security and for clear guidelines to be set regarding using personal devices for work purposes. By taking these steps, organisations can better protect their sensitive information and reduce the risk of data breaches.
There is a theme running through each of these sections: cyber security, which is not limited to the above.
Cyber security
As more people are working remotely, cyber security has become increasingly important. Working virtually can leave individuals vulnerable to cyber attacks. As a result, it is important to have secure connections and to use strong passwords to protect sensitive information.
The first thing to check is that the default password set for the router has been changed, as has the login to the router itself. They may look like unique passwords on the base of the equipment, but they still need changing.
Additionally, when working from home, take care when clicking on links or downloading attachments from unfamiliar sources. Training should be sourced and provided to employees. If you work with freelancers or sub-contractors that access your systems, you must ensure they have completed training.
Where possible, resources and lessons learned should be shared so that remote employees are aware of potential threats and are taking the necessary precautions to keep company information safe.
If you have any questions about supporting your business and team to work safely and compliantly virtually, or if you would like support applying for Cyber Essentials, why not book a free 30-minute call to see what we can do?
Nine out of 10 businesses are working in a digital way, and more and more are working virtually. We live online.
But we need to ensure that we are working safely online. The risk of a digital attack is high, and 39% of UK businesses have experienced a cyber security breach. This is according to a report published in March 2022 by the Department for Digital, Culture, Media and Sport.
There are several areas that a business needs to look at to ensure online (cyber) security.
Risk assess
Risk assessments can sometimes be seen negatively or be viewed with fear/disdain. They are a positive tool that can identify strengths and weaknesses in a particular area. Once you know an area that is not so great, an action plan can be created to improve it. Risk assessing raises A LOT of questions, and you will never get to risk-free. However, you can put things in place to reduce the risk.
Have a Bring Your Own Device Policy and Working from Home Policy
On average, 45% of businesses have staff that use their own devices. 84% of workers who had worked from home during the pandemic have said they plan to carry out a mix of home and office working in the future, according to an Office for National Statistics report published in May 2022.
This can raise risks around how secure the equipment or network is.
Having staff use their own devices can save costs, but it can mean less control over IT security.
Have IT support
Have (external) IT support that provides a portfolio of IT services underpinned by a service level agreement. From a cyber security perspective, having someone there to help keep things safe, who can do back-ups and provide support when things go wrong, is a great unseen benefit to a business.
Have systems in place that can help detect incidents.
Awareness and training
Oh, I mentioned the T word – sorry.
Everyone needs to understand and know where the online risk can come from. Whether it be from phishing, vishing, smishing or pharming, can staff identify the risks, not act on the attack AND report it?
Ensure there is a plan in place, that it is actioned, and that staff are aware of online threats – not only to the business but also to their personal data.
Ensure you have access to up-to-date information
Cyber security is forever changing. How do we keep up to date with all the information? And how do we ensure it is accurate?
Something has gone wrong; what do you do?
An excellent place to start would be the NCSC or ICO or find an external cyber security consultant. If you have an external IT provider, they could also be a good source of information. Also, remember to check your business insurance.
Keep software updated
Whether it be the operating system or the actual software, updates are pushed out for a reason – they contain security patches and fix glitches or vulnerabilities. Yes, it can be a pain when they are updating and stopping you from working. But do you want your computer to be held captive and not work?
Record and Report
Recording when you have a cyber security attempt, even when they don’t get through, is a great way to assess the effectiveness of online safety.
Have a plan to respond to a cyber incident in advance and check to see if it would work.
Have records of possible attacks, and investigate actual incidents.
Remember that a cyber attack, phishing etc., should be reported to the NCSC. If personal data is lost, risk assess to see if it must also be reported to the ICO.
Secure that data
Securing that data comes in different ways:
Ensure that where the data is stored is secure – and data protection compliant.
Only allowing people who need access to the data to access it.
This comes back to risk assessing in a way – doing those checks to ensure everything is ok, but this time of prospective (and current) suppliers to establish any liabilities and evaluate potential.
Check suppliers – where are they, and what is their compliance like?
Scammers and cyber criminals use every tool they can to access data and gain control of computers and mobile devices.
That means businesses and employees must be on guard constantly, treating every email, every phone call and even text message with extreme caution.
Here are some of the techniques they use and how to avoid falling victim to them:
Email phishing
Phishing scams try to trick you, and sadly, many people fall for them, getting their passwords, account details and business data stolen.
They may pretend to be from your bank or a company you know and trust; that is why it is good practice to treat every email with suspicion, especially those claiming to have noticed suspicious activity in your account or asking for personal information, as well as those asking you to click links.
In the case of ‘spear phishing’, these emails will appear to be targeted at you.
How to protect yourself and your business from phishing and Spear Phishing scams:
Protect your devices with security software (and set it to update automatically)
Protect your accounts by using multi-factor authentication; this can be either something you have, such as a passcode sent to you via a security key, or something you are, like a fingerprint, retina or facial scan.
Back up your data regularly to a trusted cloud-based storage solution or an external hard drive.
Whaling
Whaling is similar to phishing but aimed at the highest members of an organisation, such as executives and senior managers, particularly those in financial and payment-related businesses.
A Whaling attack can be well-researched and sophisticated, containing personal information, a sense of urgency and often a solid understanding of the industry’s technical terms and tone. They can cause devastating damage to a company’s reputation.
How to protect yourself and your business from whaling attacks:
Training and awareness at the highest level
More training and awareness, including regular refresher courses
Flag emails that are not from your network automatically
Consider making social media profiles private
Invest in data loss prevention measures and protocols
Smishing
Do we treat the danger of SMS or text-based ‘smishing’ with the same levels of diligence as we might with email phishing? Many might not and fall prey to revealing personal information such as credit card numbers and passwords or downloading malicious programs to their work mobile devices.
How to protect yourself and your business from smishing attacks:
Treat so-called urgent security alerts, offers and deals with extreme caution
Remember, no reputable company will ever ask you to confirm banking details, ATM pin codes or account information via text message.
Avoid storing bank details on smartphones; if the information isn’t there, it can’t be stolen.
Be wary of unfamiliar or suspicious-looking numbers
Vishing
Vishing or voice calls are one of the most widely used methods by fraudsters looking to access data, bank details and personal information.
Many scammers are incredibly good at gaining confidence; combine that with an exponential rise in remote working and the ease with which scammers can access basic information about any of us, and it is easy to see why so many are caught off-guard and fall prey to the (friendly) voice on the end of our phones.
How to protect yourself and your business from vishing attacks:
If a call claiming to be from your bank or an official agency comes from a mobile number, it is almost always a reason to be suspicious
Check the number even if it appears to be genuine. An automated caller ID is no guarantee of a legitimate call.
If the caller asks for money, mentions a deadline or tries to ask about confidential information, that is a sign of vishing.
Refuse to install software on your devices to fix an alleged problem if prompted to do so
If you would like to learn more about how to make your business stronger against the threat of cybercrime and data theft, I’d love to help. Get in touch today to schedule a free chat.
Threats to our technology come from many different sources, and protecting our data can seem like a never-ending job. It is.
It has been well documented that cyber attacks have increased in recent years, both those aimed at individuals and those targeting businesses. The National Cyber Security Centre (NCSC) states in its annual report that there has been an increase in online threats.
Whether we use desktops, laptops, tablets or other mobile devices, they all rely on a range of good housekeeping measures to attain the best possible levels of cyber security for the business and the data it handles.
What is Cyber Security?
Cyber security refers to protecting electronic devices, computer systems and entire networks against data loss, theft or corruption. That might even involve disruption to the business and its services, expensive legal proceedings (in the event of a data breach) and irreparable damage to a business or brand.
As we can see, cyber security is a vital tool for GDPR compliance and the business itself.
With those things in mind, here are just a few important things to ensure you’ve got it right.
Move away from unsupported software.
Software, including operating systems, apps and free trial versions, almost always comes with a limited shelf life. That might not always mean replacing them, but it does mean keeping them up to date, replaced or subscribed to in order to access support and updates.
Always download and install the latest software and apps
The latest software and apps are vital. The landscape of cyber security changes daily, with new threats emerging all the time. These threats can take advantage of vulnerabilities in even the most well-known software and apps; updates address them.
Run up-to-date anti-virus (even on a Mac)
One of the most important aspects of IT security is the software designed to identify, locate and remove dangers to your IT infrastructure. Keeping it up to date will ensure the barrier between your data and cyber criminals is as robust as possible.
Yes, it can be a hassle… Those long, alpha-numeric passwords with a capital letter here and there and some symbols thrown in for good measure. However, they are infinitely more robust than “Password123” or the name of your favourite cat that you might have shared on social media.
Most modern browsers and even some ingenious software apps offer to remember them for you, too, safely and securely.
Two-Factor Authentication
Two-factor authentication sends a message, often to a pre-agreed mobile number or alternate email address. Typically it includes a code or link that forms part of a two-stage login process for websites, apps and software.
You enter your login credentials at stage one.
You enter the code or click the link sent to you (and only you) at stage two.
Delete suspicious emails and avoid clicking links
The human element is one of the weakest links in data loss, making training and awareness important for your teams. Phishing emails can seem incredibly realistic, and sadly, many people fall for them, clicking links that install malware or give cybercriminals access to your data.
Back up your data
It is good practice, and it makes sense. Many IT hosting platforms perform several backups daily for the clients they work with, but for smaller businesses, it isn’t difficult to set up. Backups are one of those things: you might go years with no need for them, but when you do, you really do.
For help and advice on backing up your data, get in touch.
Training
Even the most secure and up-to-date systems are at risk if people are not trained to get the most out of them. Training your team on cyber security awareness is important. Not just from a hardware point of view but from risks such as social engineering, phishing attacks and the use of deception by cybercriminals to obtain confidential information.
Many people think of passwords simply as a nuisance, a barrier between us and trying to access the websites and services we need.
On the other hand, some go the extra mile in creating passwords that are as strong as possible. This can be done by utilising a range of features to keep the accounts safe and secure for us to use, for business or otherwise.
One approach is definitely better than the other…
Understanding what makes a strong password is essential to protect our data. They are the first line of defence against unauthorised access. However, research clearly shows we don’t always use secure ones.
Reasons for this vary. Many think a short or straightforward password is easier to remember, and having that same password for a range of sites and services can save time.
They are, and they can, but from a security point of view, doing so is a risk that is not worth taking…
Here are some top tips to help you stay secure:
Switch on password protection or other authentication method
If your device has the capability, please use it.
Passcodes and passwords are the first line of defence for stolen or lost devices. Biometrics have made this process even easier, with features such as fingerprints and facial recognition. It is a fast and highly secure way to unlock your device.
Use two-way authentication
Multi-factor authentication is a method in which the user is only given access to a website or service after presenting two (or sometimes more) pieces of evidence that they are who they claim to be.
So, for example, after entering a password and username, you might be sent a text message to your registered mobile device, email address or other authentication app or token. That message will be a code to be entered at the next stage to guarantee you are you!
Password management
Many are tempted to avoid longer alpha-numeric passwords, as they are difficult to remember and time-consuming to enter.
Password management applications solve that issue by storing the passwords securely for you (they can even create them, too) and entering them on your behalf when you need to.
This feature is baked into iOS devices, Google Chrome and Microsoft’s Authenticator app. There are also password managers such as LastPass, which store encrypted passwords online.
Don’t be ‘password predictable’
This is by far one of the most significant challenges to overall security online. Scammers, hackers and other cybercriminals are well aware of this fact. It doesn’t always take computing power, just a little background information.
Birthdays, favourite places and pet’s names can all be easily ascertained via social media profiles. When you add in the usual common passwords some of us tend to choose, it isn’t difficult to see why anyone looking to trick their way into your accounts can have a massive range of password options to try.
Many cyber criminals instead use computing power in what are known as ‘brute force’ attacks, using automated software to guess passwords repeatedly. It is simple for the cybercriminal but potentially devastating for you or your business.
Here are some ways to avoid being ‘password predictable’:
Always avoid using predictable passwords
Try choosing three random words, but swap out certain letters for symbols, so for example Troutclocklight could be tr0utCl0ckl1&ht
Have your own rule for what letters you take out, what you replace them with and what you capitalise
1t 15n’t t00 d1ff1cU7t, and it is A LOT more secure…
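A check for the ‘password predictable’ patterns described above, added here as an example and not part of the original article: it flags a candidate password that is built from common passwords, personal details or dates, even after letters have been swapped for symbols. The word list, the swap table, the sample details and the function names are all assumptions made up for this illustration.

```python
import re

# Constructed sample list (an assumption for this example, not from the article).
COMMON_WORDS = ["admin", "letmein", "password", "qwerty", "welcome"]

# Undo common look-alike swaps so "p@ssw0rd" is compared as "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalise(text):
    """Lower-case, reverse look-alike swaps, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def date_variants(date_iso):
    """Digit strings someone might build from a date given as YYYY-MM-DD."""
    year, month, day = date_iso.split("-")
    return [year, day + month, month + day, day + month + year,
            day + month + year[2:], year + month + day]


def predictable_reasons(password, personal_words=(), personal_dates=()):
    """List why a password is predictable.

    An empty list means none of these patterns was found,
    not that the password is strong.
    """
    reasons = []
    letters = normalise(password)
    digits = re.sub(r"\D", "", password)

    for word in COMMON_WORDS:
        if word in letters:
            reasons.append(f"contains common password '{word}'")

    # Names of pets, places, family members: anything visible on social media.
    for word in personal_words:
        plain = normalise(word)
        if len(plain) >= 3 and plain in letters:  # skip very short words
            reasons.append(f"contains personal detail '{word}'")

    for date_iso in personal_dates:
        if any(v in digits for v in date_variants(date_iso)):
            reasons.append(f"contains digits from date {date_iso}")

    return reasons


if __name__ == "__main__":
    # Constructed sample: a pet called Bella and a birthday of 14 June 2015.
    for candidate in ["P@ssw0rd123", "B3lla2015!", "tr0utCl0ckl1&ht"]:
        found = predictable_reasons(candidate, ["Bella"], ["2015-06-14"])
        print(candidate, "->", found or "no predictable pattern found")
```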
If you need help or advice on making your business data savvy, why not book a free clarity call? It might just save you time, stress and money in the future!