Did you know October is Cyber Security Awareness Month?

As more and more people work from home, now is the perfect opportunity to make sure our businesses and our employees are protected against cybercrimes. Working from home has worked well for many employees and companies during the pandemic, and while work-from-home has become more accessible and convenient, there are still many cyber security gaps.

Online fraud 

A common form of online fraud is phishing. Phishing occurs when a cyber attacker sends a fraudulent email, text message or direct message designed to trick someone into revealing sensitive information or to deploy malicious software, such as ransomware. It usually involves clicking a link to bring users to an external website.

The Canadian Anti-Fraud Centre estimates fewer than five percent of victims file a fraud report and that a majority of phishing scams that solicit personal information don’t involve direct financial losses. But financial losses aside, online fraud can result in loss of intellectual property, data and the risk of a company’s reputation being affected.

The time it takes to change passwords and ensure intellectual property is secure could also result in loss of time and productivity.

As pointed out in a recent Forbes article on cyber security risks,  “before the pandemic a test phishing message was appropriately ignored by managers who were aware that corporate security was ramping up fraud detection; but the same employees working remotely showed a higher propensity to click on phishing emails because they were not in the loop."

Phishing scams: What to look for

Whether staff are working in the office or remotely, employers should train their employees on what to look for in phishing scams, such as looking closely at the “from” email address and hovering over any external links to see if the website looks legitimate. Employees should also learn to not click on anything they did not request i.e., forgotten password request links, banking-related emails, etc.

Cyber Security checklist

Implementing a cyber security checklist may also be a good idea. For example, ask your employees to read, print out and have this list of security measures handy:

• Only trust health-related information when it comes from reliable medical sources, and trust professional information only from sources you can verify.
• Use hard-to-guess passwords for email, cloud storage and corporate networks (including VPNs)
• Use different passwords for different accounts.
• Use MFA (multi-factor authentication) whenever possible.
• Change the default password on any home network devices, including routers and Wi-Fi access points.
• Use safe methods to exchange any documents, spreadsheets, presentations or other files and only use company email to exchange information.
• Keep your work computer and work-related documents and files in an area at home that is separate from your family life.
• Use your work computer for work only and limit the use of your personal devices for work-related purposes.
• Apply updates/patches on computers regularly.

Cyber security should not be ignored and, like remote working, it is evolving. Take the first step to ensure your business is protected against cybercrime, by assessing your business' cyber risk today.

Sources

https://www.antifraudcentre-centreantifraude.ca/features-vedette/2021/frauds-10-fraudes-eng.htm
https://www.forbes.com/sites/hillennevins/2021/05/19/new-dangers-of-working-from-home-cybersecurity-risks