For the last few years, cybersecurity has been increasingly important for many businesses. Cyber attacks can be devastating to small businesses as 60% of them shut down within only six months of an attack.
While there have been significant improvements made to cybersecurity plans over the years, 2020 and the coronavirus pandemic has changed everything. Without security protections such as firewalls and blacklisted IP addresses that office systems give to employees, companies are far more vulnerable to cyber-attacks.
As well as this, CISO’s Benchmark Report 2020, found that organizations are struggling to manage remote workers’ use of phones and other mobile devices and that 52% of respondents said that mobile devices are now very challenging to protect from cyber threats.
Another risk that has increased is phishing scams. People are relying on emails more than ever to communicate with their colleagues as they’re not able to talk to them as often as they would in the office.
A recent report found that there has been a 600% increase in reported phishing emails since the end of February, with many of them cashing in on the uncertainty surrounding the pandemic and 78% of remote workers who worked on their personal devices during the lockdown period between March and July 2020 said they received phishing emails, either in their work or personal inboxes.
More worryingly, 68% said they clicked a link or downloaded an attachment from the phishing emails they received on their personal device.
As you can see, the risks are now far greater to your business than they ever were before. So, are you prepared for a cyber-attack, and what do you need to do to get prepared?
Review Your Security Policies
To start with you need to take a look at your security policies that you have in place. They should be reviewed regularly anyway so when things change, such as a shift to working from home, then they should be reviewed again and adapted.
Did you know that weak or insufficient passwords cause more than half of all data breaches, yet only 24% of small businesses have strict password policies in place? Among those that do have a formal policy in place, 65% of companies say they don’t actively enforce it.
Take time to review your security policies every few months to make sure they’re comprehensive and enforceable. It’s also wise to be on the lookout for new strategies that you can put in place to shore up vulnerable areas of the business. Make sure that you have a remote working policy too as this will help in the future too.
Educate yourself and your employees on the risks and resolutions in the event of a cyber attack.
Your staff needs to be aware of the issues that could arise, they need to know how to recognize suspicious emails. There are plenty of cyber security courses that you and your employees can go on so that you are all adequately trained in what to do and what not to do.
Conduct Regular Cybersecurity Drills
If you were in the office then you would regularly practice fire drills, but would you do the same for a cybersecurity breach? If not, then you should include it as part of your policy. However, you can still conduct regular cybersecurity drills while you are working remotely and in fact, it’s probably more important that you do.
During a cybersecurity drill, you should assess response timing on multiple levels, see how quickly individuals and teams respond and either thwart or mitigate a cyber attack and also how fast are you able to inform customers of the most current and accurate information?
Invest in the Right Insurance Policies
Since the pandemic, you might need to review and change your cyber liability insurance if you have any at all. If you don’t have any then now is the time to get it as should anything happen the insurance will help to mitigate the costs of an attack. Just make sure that the policy covers everything you need it to and look out for COVID-19 clauses.
Regularly Review And Adapt Your Policies
Yes, this is a repeat of the first point but that’s because it is so important. You need to regularly check that the security measures are taken.
As many of the solutions for working remotely were rolled out under enormous time pressure at the beginning of the crisis, it’s time to review them now to make sure that they are working and to see what they can be improved. Continue to review and strengthen your policies to keep you and your company safe.