Wynand van Vuuren head of client experience at King Price
If your employees spend any time at all working from home in our brave new post-pandemic world, it’s vital that you review your remote working practices to deal with ‘massively increased’ cybersecurity risks.
This includes taking steps to not only ensure the physical security of company devices that may contain sensitive data, but also to secure all access to company networks, says King Price’s head of client experience, Wynand van Vuuren.
“Remote work is here to stay. But it brings with it numerous security weaknesses, with employees relying on their home networks – and often, their own devices – to do their jobs. They might share devices with other family members, use the same device for both personal and work activities, or even connect to public Wi-Fi spots. It only takes one mistake for disaster to strike,” said Van Vuuren.
The risks of being hacked
The biggest risk is that most of our work is done online – and if something’s on the Internet, it’s vulnerable. One of the major threats that remote workers face is phishing emails, which try to fool people into entering their details or downloading an attachment containing a keylogger. Once hackers can access a company network, they can steal sensitive information or install ransomware, which locks the company’s entire IT system until a ransom is paid.
In its recent State of Ransomware 2021 global survey report, IT company Sophos says the total cost of recovery from ransomware attacks doubled in the past year, from R10.7 million to more than R26 million in 2021. Recovery from attacks can take up to a year, with the possibility of getting back less than half of the data that was stolen.
“And if unauthorised people access your system and steal client information, the company may be held legally liable. Employees working on their own systems can infect the company’s systems with viruses – or even worse, other companies’ systems, if a virus were emailed to a client, for example,” said Van Vuuren.
What can you do?
There are a number of proactive security measures that you can put in place, says Van Vuuren.
- Implement the best security you can afford: firewalls, security software, malware scanning.
- Put a strong security policy in place. This includes guidance on storing devices securely, creating and maintaining strong passwords, and an acceptable use policy for visiting websites that aren’t work-related.
- Insist that your employees use VPNs on all work-related devices and avoid connecting to public Wifi spots.
- Never click on any links in emails or SMSs, even if they look legitimate. Check with your IT team if you’re not sure.
- Check that you’re on a genuine website before entering any personal information.
- Regard all ‘urgent’ security alerts, offers or deals as warning signs of a hacking attempt.
Be covered if disaster strikes
Make no mistake, cyber insurance can’t save your business from attacks – but it’s an important way to protect you from the after-effects of a breach by covering expenses for:
- Data breach, including hiring legal and forensic IT professionals to help you recover your data.
- Damage to computer systems and data.
- Disruption following a cyberattack that brings your business to a halt and results in loss of income.
- Insured incidents, like specialist support to check if a cyber threat is real.
- Financial loss and proving fraud, including financial losses resulting from fraudulent inputs into insured computer systems, which have led to dishonest transactions.
“The best insurance policy is always one you never have to use. But by combining a proactive, holistic security approach with a strong cybersure policy, you should be well on the way to keeping your business healthy while your people are working off-site,” says Van Vuuren.