Home Working Can Often Be A Security Threat

The majority of small business owners let their employees work remotely when it’s needed, but often many haven’t trained those employees on cyber-security. It’s a gap that could leave businesses open to a cyber attack, according to the US Nationwide Insurance company.
 
In the company’s latest annual survey of small business owners, it found that one-fifth of small business owners have not provided formal cybersecurity training for their employees. The security lapses employees may have at remote locations represent one of the largest threats to cybersecurity. 
 
An attacker could break into a worker’s computer over a public Wi-Fi network, for example. “What may seem like a harmless public Wi-Fi network could ultimately pose serious troubles for a business,” said Catherine Rudow, Nationwide’s vice president of cyber insurance.
 
While 83 percent of small business owners, and 95 percent of young business owners, allow employees to work remotely, only half have updated their remote security policies in the past year, the survey found.
 
“Many employees may not realise the magnitude of risk associated with a cyberattack as they may not have engaged in a formal training process,” Rudow said..... “The scary truth is that many small business owners, even if they are aware of these risks, have not implemented all the proper measures of protection.”
 
Sixty-five percent of business owners surveyed said they’ve been the victim of a cyberattack. Computer viruses were the most common type of attack, and 7 percent of companies fail to regularly update security software. 
 
Protect Against Ransomware
The Department of Homeland Security (DHS) wants to help small businesses across America protect against ransomware, and the National Cybersecurity and Communications Integration Center (NCCIC) has issued this message:
 
NCCIC has received multiple reports of WannaCry ransomware infections worldwide. Ransomware is a type of malicious software that infects and restricts access to a computer until a ransom is paid. Although there are other methods of delivery, ransomware is frequently delivered through phishing emails and exploits unpatched vulnerabilities in software.
 
Phishing emails are crafted to appear as though they have been sent from a legitimate organization or known individual.
 
These emails often entice users to click on a link or open an attachment containing malicious code. After the code is run, your computer may become infected with malware. A commitment to cyber hygiene and best practices is critical to protecting organisations and users from cyber threats, including malware.
 
How to Protect your Business
Only 4 percent of business owners have implemented all of the cyber-security best practices recommended by the US Small Business Administration, the survey found. 
 
Here’s what the SBA and DHS recommend:
In advice specific to the recent WannaCry ransomware threat, users should:
 
• Be careful when clicking directly on links in emails, even if the sender appears to be known; attempt to verify web addresses independently. For instance, contact your organisation's helpdesk or search the Internet for the main website of the organisation or topic mentioned in the email.
• Exercise caution when opening email attachments. Be particularly wary of compressed or ZIP file attachments.
• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
• Avoid providing personal information or information about your organisation, including its structure or networks, unless you are certain of a person's authority to have the information. 
• Avoid revealing personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
• Be cautious about sending sensitive information over the Internet before checking a website's security.
If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from anti-phishing groups such as the APWG.
• Use and update antivirus and anti-spyware software. Most of them can be set to install updates automatically. 
• Secure your networks with a firewall and encrypt information. Keep Wi-Fi networks secure and hidden, and require a password to access the router.
• Set policies for how employees should protect sensitive data like personal information. Also set consequences for violating the policy. 
• Educate employees about cyber threats. Show them how to protect the business’ data and safely use the Internet. Require them to use strong passwords and change them often, ideally with multifactor authentication beyond a password.
• Work with banks and other payment processors to ensure anti-fraud services are in place. See if they offer multi-factor authentication, too.
• Regularly back up data on all computers, including text documents, spreadsheets, databases, financial information, human resources files, etc. 
• Control physical access to computers and other devices that can access the business’ network. Make sure each employee has a separate user account with strong passwords. Give administrative privileges only to those who need them.
• Make a plan for mobile device security. Require users to set passwords, encrypt their data and install security apps to protect information while connected to public networks. 
• Protect all pages on company websites, not just checkout or signup pages.
 
 Fox Business:      US Small Business Administration:        US Small Business Administration
 
You Might Also Read: 
 
How to Ensure Your Remote Employees’ Cybersecurity
 
Creating A  Working Culture Of Computer Security (£):         
 
Half Of UK Businesses Have Fallen For Phishing Attacks:
 
 
« Connected Cars Are The New Attack Vector
Cyberwar Between Nation-States Damages Business »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Northbridge Insurance

Northbridge Insurance

Northbridge is a leading Canadian business insurance provider. Services offered include Cyber Risk insurance.

Korea Internet & Security Agency (KISA)

Korea Internet & Security Agency (KISA)

KISA is committed to improving the competitiveness, reliability and security of Internet information and knowledge in Korea.

Atempo

Atempo

Atempo is a leading independent European-based software vendor with a global presence. We provide solutions to protect, store, move and recover all your data.

Cyjax

Cyjax

Cyjax monitors the Internet to identify the digital risks to your organisation, including cyber threats, reputational risks and the Darknet.

Blockchain R&D Hub

Blockchain R&D Hub

Blockchain R&D Hub's mission is to serve the needs of blockchain ecosystem as the center of excellence for technology research and development.

Cyber Intelligence 4U

Cyber Intelligence 4U

Cyber Intelligence 4U is an educational services company that provides two levels of cybersecurity training programs: executive and technical.

Kyndryl

Kyndryl

Kyndryl has a comprehensive portfolio that leverages hybrid cloud solutions, business resiliency, and network services to help optimize your IT workloads and transformations.

Future Planet Capital

Future Planet Capital

Future Planet is the impact-led, global venture capital firm built to invest in high growth potential companies from the world's top research centres.

CSIR Information & Cybersecurity Research Centre

CSIR Information & Cybersecurity Research Centre

The CSIR Information & Cybersecurity Research Centre focuses on research, development, and innovation of home-grown cyber and information security.

Performance Technologies

Performance Technologies

As a leading IT Solutions Provider in Greece, Performance Technologies delivers reliable, long life solutions, ensuring continuous availability of business-critical services and information.

ISSQUARED

ISSQUARED

ISSQUARED is a leading provider of Cyber Security, Cloud, Infrastructure, Consulting and Digital Transformation services.

Lab 1

Lab 1

Lab 1 turns criminal data breaches and attacks into insights. Get alerts of data breaches or ransomware attack incidents as they happen.

Evo Security

Evo Security

Evo Security is an Identity and Access Management company focused exclusively on serving MSPs, MSSPs and their SMB and Mid-Market customers.

Secolve

Secolve

Secolve is Australia’s next generation OT specialist cyber security firm, working with key industries to protect the nation’s critical infrastructure.

UberEther

UberEther

UberEther are a dedicated group of software developers and consultants developing and deploying the next generation of identity management and cloud solutions.

SecureKloud Technologies

SecureKloud Technologies

SecureKloud is a global leader in the Cloud services arena. Our experience in cloud consulting and servicing for highly regulated industries extends more than a decade.