Three ways cybercriminals can target you and your business if you’re working from home

Three ways cybercriminals can target you and your business

Working from home comes with some risks and it’s important to address these as a matter of priority. Chiefly, cybersecurity risks have increased as more people are working from home. This means it’s important to consider your organisation’s approach to mitigating cyber risk. As well as having appropriate cybersecurity controls in place, it might be appropriate to consider cyber insurance.

The coronavirus lockdown meant many office workers around New Zealand suddenly found themselves working from home. Even as restrictions ease, many organisations are finding that working from home delivers productivity and flexibility benefits that make a more permanent remote working arrangement attractive.  

However, working from home also comes with some risks and it’s important to address these as a matter of priority. Chiefly, cybersecurity risks have increased as more people are working from home.

This means it’s important to consider your organisation’s approach to mitigating cyber risk. As well as having appropriate cybersecurity controls in place, it might be appropriate to consider  cyber insurance. This type of insurance covers you for the losses your business may suffer as a result of a successful cyberattack.

While you may not have considered cyber insurance in the past, the risks have continued to increase, so it’s important to reassess your risk. For most companies, it’s not a question of if you’ll be attacked, but when. Cybercriminals are increasingly targeting small businesses due to a perception that these businesses aren’t as well defended as large enterprises.

However, not only can you defend yourself against potential cyberattacks, you can also fortify your business with cyber insurance. This provides that extra peace of mind that, if a sophisticated cybercriminal does get through your defences and your business suffers financial losses as a result, you will be covered.

Three key threats to be aware of

  1. Malware posing as productivity apps

Employees may be downloading apps to help them stay productive as they work from home. Unfortunately, some of these apps can contain malware or security vulnerabilities that put your organisation at risk. To protect your business, don’t download an app, even from a reputable app store, without first checking to see that it’s been reviewed positively by many users. An app with only a few reviews or with negative reviews could present a risk.

  1. Hackers using brute force to break into systems

Sometimes hackers use a technique known as brute force, which can overcome password protection. Often, this process is easy because people use passwords that are obvious or simple to guess. People also tend to use the same password for multiple sites. This means that a hacker who cracks one password can then access many other systems and networks. To protect your business, make sure you and your employees use passwords or passphrases that are complex, random, and extremely hard to guess. Ensure everyone uses a different password for each system or site. And, make sure these passwords and passphrases are changed regularly.

  1. Phishing scams tricking users into acting

Phishing is a social engineering approach that relies on tricking users into taking certain actions. For example, an admin staff member may receive an email that appears to be from the managing director instructing them to buy iTunes gift cards for client gifts or something similar. The email makes the request sound plausible but, as soon as the staff member responds with details of the purchased cards, the scammer can use them.

This costs you real money, so it’s important to be vigilant and treat any emailed request as potential suspicious.  Instruct everyone in your office to be aware of emails or SMS messages such as these, and to refrain from ever clicking on a link in an email or SMS. Instead, they should contact the company or institution directly to confirm whether the claim in the email is true.

By refusing to take such emails at face value, you and your employees can save your organisation significantly in terms of time, money, and stress caused by a successful cyberattack.

Where to from here

These are just three examples of the types of attacks cybercriminals are currently launching. Working from home means your business needs to be extra secure, which can be achieved through both behaviours (which cost nothing) and security tools.

If you do currently purchase cyber insurance you should update your broker if you have had a change in your operating structure and now have employees working from home in some capacity.

To find out more about this type of insurance, including whether it’s appropriate for your business, contact an experienced insurance broker today.