As Britain enters its sixth week of Covid-19 lockdown, businesses and employees are well into the swing of working from home. However, now is not the time to relax your cybersecurity policies and procedures. In fact, your team will benefit from a reminder on how to ensure they are using best practices to protect your network from possible cyber-attacks.
Data protection and GDPR compliance are only one part of a comprehensive cybersecurity risk assessment and mitigation plan.
However, most organisations fail to understand the level of risk involved, the best practices for mitigating it, and how to ensure procedures are in place so that cybersecurity threats can be contained and the business can recover quickly from an event.
This is illustrated in the 2019 government survey on cybersecurity breaches, which showed that over a third (32%) of businesses and more than a fifth (22%) of charities had observed cybersecurity breaches over the past 12 months.
So how can organisations ensure their network is protected from cyberattacks?
Identifying and mitigating risk
Companies need to implement necessary countermeasures to limit and contain cybersecurity exposure, especially if team members are working from home.
The best form of defence, and best practice, is a strategy of rolling assessment and testing backed by an effective incident response plan. This is a risk-based approach in which the organisation looks comprehensively for possible weaknesses and introduces processes to keep everyone informed of new threats.
This boosts the chances of a fast and effective response to threats, increasing the likelihood of a quick and easy recovery if and when such an event occurs.
Instilling good security habits
A successful cybersecurity risk management plan must include a framework for ensuring that all employees observe safe online and digital communication practices.
To protect against phishing emails and fraudulent instant messaging attachments, two of the most common types of cyber hacks, employees should never open a file or link from an unknown sender. Hovering over a link lets people check its details before clicking, and this may highlight a suspect email address or link.
Rather than sending files over email, set up a shared file system from the many available.
Virtual Private Networks (VPNs) provide protection against external hacking threats, for example a criminal trying to steal information during a transfer. However, VPNs cannot protect against viruses and malware on the device itself. The only dependable protection against such threats is a stringent cybersecurity culture, which includes regular risk assessments and information sharing regarding new hazards.
Early response actions, clear policies and procedures, and a robust cybersecurity culture can decrease the risk of a cyberattack. The key to this is planning and communication. This goes far beyond a checkbox approach. It requires continuous and comprehensive risk-based preparation and organisation, involving team leaders and your IT support.
Securing your IT infrastructure against cyberattacks will prevent your business from inadvertently becoming another casualty of the Covid-19 outbreak.
All information is correct as of 28 April 2020.
LawBite will continue to issue additional advice on the impact of Covid-19 on businesses.
Keep up to date with the latest UK government guidance for businesses and employees at https://www.gov.uk/government/news/coronavirus-covid-19-guidance-for-employees-employers-and-businesses
If you require any legal advice, please visit www.lawbite.co.uk.
LawBite is an online platform that seamlessly connects businesses to expert legal help that is clearer and more affordable, usually 50% lower than from comparable services.
We offer a 15-minute free consultation for business legal advice.