COVID-19 Security MeasuresSian Haskell
Security During COVID-19
We have recently been made aware of an increasing number of members who have been subject to email attacks during COVID-19. Please find below some advice to ensure your staff are working securely from home and advice to send to customers if you do have a breach of an email account.
In the Event of an Attack – Template email to send
If you have been subject to an email attack, you will want to make contacts and customers aware of the issue. We have drafted an email template just for this with the steps necessary to keep your customers safe. Click here to download this template that you can tailor and send out.
Educating your Staff
Here are some simple tips to ensure both your work machines and your own personal machines stay safe while you are working remotely. Most of the below relate to email and login however please ensure you are vigilant when connecting to your company network remotely.
- Change your password regularly and keep it in a safe place.
- Don’t share your password with anyone
- Don’t open attachments from anyone you don’t know and please don’t forward them to work accounts
- Don’t reply to spam or forward chain emails
- Keep your personal information personal – don’t share bank or credit card information by email
- Make sure that you have antivirus software installed and keep it up to date
- Look out for malicious emails (they may look like they have come from a financial institution, an ecommerce site, a government agency or any other service or business)
- Enable filters on your email programmes and report spam
- Pay attention to the website’s URLs you visit. URL spoofing (one site posing as another) is becoming more common and can result in a malicious computer attack.
Insecure way to connect remotely
To achieve a remote connection to your office, you may still use a direct connection from the Internet through the company firewall to achieve a remote connection. This is no longer considered to be a secure option without additional security in place. It can result in a remote attacker gaining access to your company network. They do this by throwing an arsenal of username and password combinations at it to hack into your system and they can, if sucessful, gain unauthorised access to your computer system and expose your sensitive data. You have heard the importance of a strong password and this is exactly where it comes in. Our recommendation is that in addition to adding an additional layer of security, you ensure that passwords are robust and changed at both user and adminstration level on a regular basis.
The secure way to connect to your remote office
When setup correctly, a VPN (virtual private network) allows a remote user to access their company network without exposing their work computer to the entire internet. With a VPN, the connection to your company network is strongly encrypted, creating a secure “tunnel” to it and therefore protecting your data from prying eyes.
Remote Desktop via a VPN is a safer way of connecting and in essence works as 2 factor authentication.
A VPN will not, by nature, grant you remote access to a computer. It will only grant you access to the network that your computer is connected to. That means that Remote Desktop can still be enabled on your computer, but exposing it to a VPN instead would create a more secure environment in the event you need to access your computer remotely over the internet.
If you use and external IT company to maintain your network security the likelihood is they have already set this up. However, if you aren’t sure the safest way forward is to contact them directly and confirm your setup is secure.
If we can be of any further assistance please don’t hesitate to contact us.