Santam, South Africa’s largest short-term insurer, has warned that, with remote work and work from home taking off as the new norm, companies need to be extra vigilant to ensure they are not vulnerable to disastrous data breaches or other cyber security incidents. Cyber threat actors pose a massive cyber security threat, so protective measures must be taken to maintain information security and privacy on all sides.
Grant Durr, Group Information Security Manager at Santam says, “When working from an office, most companies have a dedicated IT department to maintain cyber security through appropriate hardware and software controls. That simply isn’t possible at home.”
Durr provides some guidelines on how to protect teams at home from various cyber-threats.
Change the plan
Now is the time for organisations to meet with their IT departments and reprioritise their cyber security strategies.
- If possible, provide work-issued devices to all employees working from home. Your IT department will be able to install comprehensive anti-malware protection on these to detect malicious threats.
- Request work-only tasks be done on the device. This will limit the nature and number of interactions done online that can corrupt the devices.
- Include insurance coverage for remote work activities. Durr says, “Policies should be broadened to include the ability to work from multiple locations and still be covered by insurance.”
- Update systems regularly. IT departments can prompt regular updates and patches to work devices easily. This ensures that known vulnerabilities are addressed and therefore can’t be exploited by hackers who are familiar with known vulnerabilities.
Secure internet access
Unsecured home networks and devices pose the main cyber threat for people working from home. “This is the single biggest threat in the home environment. The company IT department can’t control the devices in the home, and therefore can’t secure devices that are used to connect to the internet, and how internet connections are established,” says Durr.
Unsecure WiFi allows hackers to connect to home networks, and by implication allows for the possibility of viewing important information that is stored on all the computers and other devices that are connected to the same network. Even more disturbingly, they can access cameras, or other IoT (Internet of Things) devices without anyone’s knowledge. Maintaining a protected internet connection at home might be tedious, but it’s well worth the effort. Here are a few steps one can take now:
- Change the default WiFi name to make it harder for someone to identify a specific home connection as well as the router manufacturer and its weaknesses. Neutral names help keep identities safe.
- Change the default password regularly. This can be quite a taxing task because all gadgets that require internet will need to be reconnected. But security is worth the effort. Passwords should be at least 20 characters long with a mix of numbers, letters and symbols.
- Turn off the wireless networks when away from the house. This will minimise opportunities for hackers, and act as surge-protection for devices and modems.
- Upgrade to a router that has a built-in firewall. This creates another hurdle for hackers to overcome.
Safe virtual meetings
Online meeting platforms such as Zoom, Microsoft Teams and Google Hangouts are experiencing a surge of traffic. Depending on the type of service a company uses, these virtual meetings can be another way that hackers are able to record your online conversations and access important information shared in presentations and emails. It is also a potential gateway to information such as passwords, sensitive client information, and personal details.
“Every online meeting – from an internal team meeting to a personal chat with your family – should include some security aspect to it. Hackers just need one unsecure point during a virtual call to gain access to the information of everyone in the call,” warns Durr.
Here are a few quick steps to keep your calls safe:
- Choose your collaboration platform wisely – some platforms have better security features than others which makes them harder to abuse and break in to.
- Add a password to meetings. Yes, this may seem like a drastic move for weekly call with a technologically challenged relative, but this is a quick step that prevents a lot of cyber disaster later on.
- Create a waiting room. This will keep anyone who wants to join the meeting in a neutral virtual space, so attendance is controlled.
- Lock the meeting once it starts. Again, this small action will prevent anyone with a meeting link from joining a meeting randomly.
Without proper protection, an organisation is at risk of sensitive information being compromised. Although disruption can vary, the intentions remain the same – to disrupt work and find any valuable information that can be exploited for monetary gain. Contact your broker to discuss ways to ensure comprehensive coverage for cyber threats.