CGI has the answers to six key questions for your business
Since lockdown, is the cyber threat level up for business, and if so how much as it increased by?
Yes it is. The Coronavirus pandemic has created a ‘perfect storm’ when it comes to the range and scope of cyber threats in every sector of business.
CGI is seeing a significant increase in the number of malicious activities as firms and organisations adapt their working practices under lockdown. All security centres in the government and industry are reporting spikes of such instances, as sustained attacks feed off people’s fears and uncertainty.
What new tactics have cyber criminals tried to use since lockdown began?
Cyber criminals have developed many new tactics, but based on tried and tested formulas honed in a constantly evolving threat landscape.
The most common, phishing emails, are designed to look official in order to lure your business and staff into a misstep by clicking on the links. Recent examples have targeted businesses in the Highlands with emails saying Government grants have been cleared.
We see a continuing trend of these malicious emails and text messages. By clicking on links, you open up a world of opportunity to the attacker. Similarly, attachments can quickly infect users with malware. One momentary lapse in concentration can result in your system becoming laced with Trojans, Rootkits, Ransomware, etc.
Businesses must remember, mobile phones and tablets aren’t immune from threats, with applications and ‘infection tracker maps’ also rife with viruses.
Is my business safe using the home internet connections of remote working staff?
Not unless you take appropriate steps to manage the increased risks. This is particularly difficult for SMEs, who might not have their own business network. The lockdown means far more company staff are working remotely outwith their company networks.
Security safeguards – for instance secure logins – are not always available to home-users, while some users have been forced to use their own personal systems, which don’t have this level of protection.
Adaptions can be made to ensure business networks remain safe:
- Ensure devices have the latest patches from software vendors installed, and have up to date antivirus running
- Use two factor authentication wherever this is an option. Also ensure you use different passwords for you work systems to those used for your personal life.
- Data Loss Prevention (establishing and enforcing rules for the transfer of information outside the business including via chat or collaboration platforms)
- Ensure your backups are working and include and necessary data being processed locally while people are working from home
Most importantly, staff must take a common sense approach to look out for unsolicited emails, or anything that sets off alarm bells in their heads.
So what ‘common sense’ approaches can my staff take when working from home?
If you follow CGI’s advice it will help minimise the risk. Be wary of:
- Unexpected or unsolicited emails
- Emails stressing urgency, especially those announcing pandemic details and asking you to click a link or provide personal details
- Odd or unfamiliar greetings
- Odd email addresses that are out of place for the agency portrayed
- Spelling or grammar errors, or text phrased in an odd way
- Attachments: do not open if you were not expecting them. If the ‘sender’ is known, check with them verbally to make sure they haven’t been compromised
- Embedded links: Hover your mouse over the link to see if the ‘advertised’ address matches the link provided. The safest option is to navigate independently to the official website quoted and not use the link. Even if you do click on a malicious link, do not feel reassured if you receive a notice such as “404 ERROR – WEBSITE NOT FOUND.” You may still have been compromised
Is there a simple do’s and don’ts guide people should follow while working from home?
Yes there is. People can double down by adhering to the following:
- Wherever possible use a laptop issued by your work. It likely contains more robust safeguards than your personal computer
- Where available use an approved secure remote access connection to connect to work – most such connections include an encrypted point-to-point VPN session
- Ensure your end-point is updated. Likewise, make sure all available software and security updates and patches have been applied and that your anti-malware is up to date
- Do not disable security safeguards such as anti-malware or firewalls
- Do not browse the web while not connected to your corporate VPN. While connected, you will likely benefit from additional protections in your enterprise network
- If you have to leave your computer unattended, ensure you close any remote access connection and lock your screen with a password or shut it down
- Avoid using public Wi-Fi or conducting work in public places
- Keep in touch with your organisation and stay alert for any announcements about cyber security
- Once more, don’t click on unexpected or unsolicited emails
If carried out correctly, this will help reduce the level of threat.
What should you do if you think you’ve been scammed and you’re at home?
Your reaction to a breach in security is as vital as your preventative attempts.
If you are on a business network and you suspect your computer may be compromised, then:
- Terminate remote access if you are connected to a network
- Disconnect your computer from network connections
- Power off your computer completely
- Contact your organisation’s IT support and follow their instructions
If you’re not on a business network and you are scammed, then:
- Disconnect your computer from network connections
- Use a different device and connection to look for information on your suspected scam
- If you have been tricked and your machine is infected:
- Check if you have Cyber Incident Response insurance that may cover legal fees and technical investigations
- If you have valuable data that may be lost, strongly consider getting professional advice from an incident response provider
- Change your passwords
- If you have backups of your data that you are confident are not infected, reinstall the operating system, install, update, and run antivirus software and then restore your data.
- Regularly run antivirus scans to check if you are still infected.
Richard Holmes is head of Cyber Security Services for CGI UK
For more information please contact mark.thompson1@cgi.com
Media Contact: Philip Gates on 07525 645350 or email philip.gates@morrison-media.co.uk or Craig Ritchie on 07919 815926 or email craig.ritchie@morrison-media.co.uk