With thousands of office workers expected to be working from home for at least half their time until the end of 2020, it’s up to employers to ensure their staff have everything they need to do their jobs remotely and keep their businesses and privacy safe from cybercriminals.
While those working from home have started settling into new routines, scammers have seen nothing but dollar signs. According to Scamwatch, 2020 has already seen cybercriminals rake in more than $52 million, with that number expected to climb as the year continues.
Small to medium-sized businesses (SMBs) are particularly vulnerable, with Telstra’s Business Intelligence Report 2020 showing that 27% of SMB respondents have no security practices in place at all. Of the SMBs that experienced attacks, just over half took several days or longer to resolve the incident and regain control, with 32% of them experiencing a financial outlay or loss as a result.
Whether the business is big or small, their leaders must help staff working from home recognise and defend against these threats, even if they believe they won’t be affected. The simple fact is, it can happen to anyone.
Here are 3 things employers and workers should keep in mind to keep themselves and their companies protected.
When people work from home, they’re often using their own devices on their own home networks, which means the safety precautions often in place within business networks are not in effect. Without these defences to fall back on, businesses must educate their staff on how to identify a scam or attack.
This is especially important for unprotected SMBs. Telstra’s report shows that 63% of SMB owner respondents agree or strongly agree that their employees fully understand cyber security threats and how to keep customers data secure, yet only 49% of those surveyed say they are actually confident in that understanding. With that kind of knowledge gap, staff must be kept up to date on common scams, how to identify them and the steps to take when they do.
Comprehensive protection by Telstra with 24/7 support and regular checkups can put you and your business in touch with trusted advisors, making it an important solution for any SMB, but particularly those not confident with identifying threats.
“Attacks are constantly evolving so the best line of defence is often education – how to identify and attack and the practices that reduce risk,” Telstra’s Cyber Security Executive Matthew O’Brien told Lifehacker Australia. “This is something we proactively help our Cyber Security Customers with through updates and assessments of their employee work practices.”
Scamwatch is also a good place to check for updates on new scams.
Be careful with online communication
Employers should be checking in with staff regularly to ensure that they’re doing okay, have what they need to do their jobs and are making progress. However, if the business you run or work for deals with sensitive information, be very careful with how you share it.
Programs like Slack are fantastic for staying in contact in these times, and unfortunately, scammers are well aware of this fact. “There have been more attacks on data like emails and company gossip, that may not be seen as valuable but do have value to the company’s brand,” Paul Calatayud, chief security officer at security company Palo Alto Networks said on a panel hosted by the National Cyber security Alliance.
“The model has changed from ‘How do I take this data and sell it on the market,’ to, ‘How do I take this data and hold it for ransom and hold it against it because you perceive it to be valuable?’”
With this in mind, it’s important that staff and business owners are conscious of what they say online, even if they think it’s between themselves. Some businesses are going to be more prone to these kinds of attacks than others, but every business should have a post-breach plan in place to help you bounce back quickly in the event of an attack. Telstra’s Business Cyber Security Services include this as part of its comprehensive plan, which should be strongly considered by the one in four businesses that do not have any incident response plan in place.
As of July 1, 2020, this also includes Endpoint Protection (EPP), which provides an added layer of protection for mobile devices and laptops. Telstra also recommends Cyber Security Services as the most relevant protection for a remote workforce, providing web, email and antivirus software that can defend against “just about any type of attack imaginable”.
Other advanced features include full disk encryption and a machine learning function which learns and monitors the behaviour of applications like Word, Adobe, Chrome, Outlook, Windows Media Player and more to identify foul play.
Take care with billing
Scammers will also try and craft convincing emails and invoices which look like they’re from a legitimate company you often deal with but are actually fake. They may ask you to click on a particular link or provide sensitive information they can use to blackmail you or your employer.
Some may even attach malicious software (malware) to the email and request that you download it. Once installed — often without you ever knowing — certain types of malware can track exactly what you do down to the keys you press and things you click, revealing sensitive login information and other privacy concerns.
Luckily, there are plenty of tells to look out for when it comes to these kinds of attacks, so be sure you know what they are.
To ensure fake invoices are not paid, limit the responsibility to a small number of people, preferably those who deal with and know suppliers well enough to spot a fake. Invoices should always be reconciled with the goods or services purchased and the fine print should always be checked before arranging payment.
“If you don’t think you’re a target consider your cash flow, not your revenue,” O’Brien said. “A builder who is a sole trader will be processing tens or even hundreds of thousands in material invoices, which is easily enough for an attacker to prey on your business. An attack like this will put a business in real financial trouble and affect the trust of suppliers and contractors if they can’t be paid.”
“That’s why no matter how small, it’s important for a business to have multi-layered protection in place to minimise the potential entry points for attackers.”
To ensure your business is as protected as it should be against threats like these, you can learn more about Telstra’s business protection here.