Over the last few weeks, every business in Australia, large or small, has had to amend its work practices in some way to respond to the current COVID-19 crisis.
Some businesses have made minor changes and remain largely unaffected, others have their entire workforce now working remotely, whilst others have had to lay off staff due to a complete drop off in demand.
It is easy at a time like this to lose sight of the key issue of cyber security.
The threat that phishing and data breaches cause to your business is significantly increased at this time as people are understandably distracted by the issues of dealing with drop offs in sales and orders, and adjusting to new, often completely untested, work practices.
Australia’s Government Cyber Security Centre (ACSC) recently reported a spike of COVID-19 related phishing scam text messages and emails.
During the current COVID-19 pandemic, our government has warned on the importance of being ‘alert, but not alarmed’, as criminals attempt to take advantage of vulnerabilities amidst rising community fear and anxiety. ACSC have reported the scams are likely to increase in frequency and severity over the coming months and people need to be prepared. Specifically, those people whom are running their organisations from home.
The significant growth of employees now working from home, increases the cyber criminals’ remote access to critical business programs and data from unmanaged equipment. The rapid rate of exposure and risk to an organisation can be reduced with applied vigilance. Organisations need to prioritize the security of their data and where it is going.
We have previously informed you of the simple steps you can take to protect your organisation’s data when staff are working remotely.
It is vitally important that you now contact your IT provider and ensure that all devices being used by your staff offsite have the adequate level of protection. It would also be timely to remind staff of the simple steps they can take to avoid falling foul of phishing scams and causing a data breach.
You may need to review or adjust your HR policies or messaging to remind workers of their responsibilities during these new working arrangements. Cyber protection is both an IT and and HR matter.
You can at the same time ensure that your security is as foolproof as possible.
If you are in doubt, have your system ‘white hacked’ by an external provider.
If you have not taken the step of training your staff and issuing directives reminding them of your company policy on these issues, now is the time to do so.
You should also review your data breach response plan. If you do not have one, have one drafted.
Stay alert to the new cyber, privacy scams and breaches reported by official government websites:
If you have any questions in relation to this article, or require any assistance in drafting either the relevant policies or data breach response plan, please contact Iain Freeman or Lorraine Madden.