In Aon's most recent Global Market Insights Report, the company has highlighted that the rise of long-term hybrid working, increase in ransomware attacks, and widespread data breaches will lead to an increase in cyber security investment. This comes after The Bank of England listed cyber-attacks as the biggest risk to the UK financial sector.
As working from home has become more widespread, it has led to both individuals and businesses being exposed to a range of cybersecurity risks. This is why it is essential to give serious consideration to home cybersecurity. Firms should look to set strong cybersecurity practices and policies for remote workers to better protect them against cyberattacks.
How to Avoid Phishing Attacks
Around half of cyberattacks in the UK involve phishing. That’s roughly 20% higher than the global average. Phishing attacks are a type of cybercrime that involves tricking individuals into providing sensitive information, such as login credentials, financial information, or personal data. These attacks are typically carried out through emails, text messages, or fake websites that are designed to look like they are from a trusted source, such as a bank, government agency, or well-known company.
Employees working remotely can be more vulnerable to phishing attacks as they rely on digital communication, such as email, and instant messaging software, such as teams and slack, more than in-office employees.
To safeguard against phishing, it's crucial to be attentive and wary when handling electronic communications. Employees should exercise caution when receiving unsolicited emails, especially those that request personal or financial information. If an email from a familiar source appears suspicious, verify their identity through alternative means, such as a phone call or face-to-face conversation. Watch out for warning signs, such as incorrect grammar, spelling errors, and emails that are overly pressing or threatening. Before clicking on a link, take care to examine it by hovering over it to reveal the actual URL and avoid clicking on anything that looks dubious.
Maintain Company Issued Devices
Monitoring company-issued devices can help prevent cybersecurity issues in work-from-home setups. To ensure the security of your devices, it is important to keep them up to date with anti-virus software and windows updates, analyse potential points of exposure to security threats, and determine if employees are adhering to the security protocols imposed by the company. This will help protect the company's data and systems.
Virtual Private Networks (VPNs)
VPNs are crucial in ensuring the security of work-from-home setups. VPNs allow remote employees to securely access the organisation's IT resources, such as email and file services, by creating an encrypted network connection that authenticates the user and encrypts data in transit. If an organisation is already using a VPN, it is important to ensure it is fully patched and that additional licenses, capacity, or bandwidth are implemented, if required. If your firm has not used a VPN before, you can refer to the National Cyber Security Centre's VPN Guidance, which covers everything from choosing a VPN to the advice to give to staff.
Use Multi-Factor Authentication
19% of cyber-attacks are due to compromised login credentials. While login credentials provide a basic level of security, multi-factor authentication can offer an added layer of protection against cyber-attacks. This involves requiring users to provide more than one form of authentication, such as a combination of security questions, text or email authentication, time-based one-time passwords (TOTP), or biological authentication, such as fingerprints.
22% of organisations in the UK do not provide their employees with regular security awareness training. Employees need to be aware of the latest threats and how to protect themselves and their devices. This can include training on best practices for working from home, such as using strong passwords and securing their home Wi-Fi network. Employees' personal internet routers are now tasked with protecting company-issued devices and data. When was the last time you updated your router's firmware?
The Development Zone provides a collection of courses related to cyber-attacks to enhance the knowledge of your employees and protect your firm, including:
- Introducing Cyber Risks
- Managing Cyber Risks
- Cyber Risk Exposures
- Cyber Extortion
Existing users can find these courses and over 500 more, in their course catalogue.
If you are new to the Aviva Development Zone, we offer a 14-day free trial where you can try every feature and every course! Start your free trial today by clicking here.