Improve your business’s cybersecurity: How to identify security threats and protect against scammers post-Covid

Megan Bray January 13th 2022 - 4 minute read

Cybersecurity in the age of Covid

While the coronavirus pandemic has been a difficult time for everyone in terms of safeguarding our health and learning to live with restricted social freedoms, it has undoubtedly afforded us an opportunity to revolutionise the way we work.

Corporate workplaces have been forced to embrace flexibility, accommodating home-working and experimenting with new forms of communication: as travel was restricted, more and more people became familiar with ‘Zoom’ calls.

Unfortunately, employers and video-chat programmers aren’t the only ones who’ve learned how to make the most of pandemic conditions. Cyber criminals have also learnt how to adapt.

This article will explore potential vulnerabilities your business may face, as well as solutions to prevent private information being accessed by hackers.

Remote working

Several of the biggest cybersecurity concerns that have arisen since the start of the pandemic relate to the lack of regulation within home-working environments.

While it’s it can be difficult enough to enforce cybersecurity protocol within the office, it’s even harder to police the hardware (and software) that employees use on their home devices.

Desktops, laptops and mobile phones can be accessed by anyone living with an employee, and therefore present far a greater security risk.

Home networks also tend to be less secure than workplace internet, as Wi-Fi passwords may be easier to guess and could be shared with several family members and friends.

Remote working also increases the likelihood of impersonation. Where it’s possible to verify a colleague’s identity in person, communication via email or messenger presents the question of whether you’re really talking to who you think you are.

Office working

Security threats aren’t exclusive to a home-working environment: Covid-specific phishing attempts can occur anywhere, preying upon anxiety.

Threat actors manipulate people’s fear of the virus to convince them to overlook common-sense security practices such as not clicking on suspicious links or opening emails from an unknown sender.

Onboarding new staff members and ensuring they have done the necessary security training can also be harder when you’re unable to talk them through it in person.

Security solutions

There are several solutions to help protect your business from cybersecurity threats. These can be divided into physical measures, virtual measures and behavioural measures:

Physical security measures

Physical security measures are things you can do to safeguard the office building and the equipment within it.

Hardware and infrastructure are the focus points of maintaining physical security. If you have the financial capacity, it can be worth investing in equipment capable of enhanced security options: if your employees use work phones, for example, give them devices capable of fingerprint or facial recognition.

Conversely, if employees use their own devices, make sure there are clear guidelines around their use. Put in place a device approval policy to ensure a minimum security software requirement.

Finally, consider basic access protocol. Who has access to the building, each floor and the devices therein? If access extends to anyone walking past on the street, it may be worth implementing access fobs or pass swipe-ins.

Virtual security measures

Virtual security encompasses the integrity of the devices in your office and those used to work from home.

Perhaps the easiest virtual security measure is to implement multiple-factor-authentication (MFA). A common MFA practice is to have users sign in with a password, then submit a security code texted to their phone.

Another measure is installing anti-virus software. This can be programmed to auto-update on company computers, but you may also want staff to install it on their home PCs. Ask employees to bring their home devices in so you can help them set it up, or direct them to a recommended provider and refund the cost of the package.

The software you purchase ought to include firewall management, anti-virus and anti-malware protections – for the most comprehensive and cost-effective package, compare applications online.

For those continuing to work remotely, a virtual private network (VPN) should be used by staff to access sensitive data or applications. Like a Wi-Fi network, users log into a VPN using company credentials and a password: once employees are on the network, their work is protected.

It’s possible to adjust your company network or VPN settings in order to block unknown users, or specific known users. You can do this yourself by , or hire an IT professional to do it for you.

Behavioural security measures

Behavioural security measures include practical actions taken to minimise employees’ susceptibility to cybercrime.

Perhaps the most important behavioural measure is to introduce mandatory cybersecurity training for all company employees. This will ensure that staff are able to recognise security threats, minimising the chances of a possible breach.

Another recommended measure is to allocate a senior security officer to enforce cybersecurity best practice and deliver risk assessments. This individual can be internal or external to the business and can also be responsible for implementing a recovery plan if secure systems are infiltrated.

Final recommendations

If you’re able to implement each of the measures above, your cybersecurity will be pretty comprehensive. In order to keep it that way, make sure to revisit each action on a regular basis: rerunning training, upgrading both hardware and software and ensuring building security is consistently monitored.

Because of the constant demands on attention when running a business, it’s a smart move to hire a cybersecurity expert. Letting best practice slide will risk your business’s integrity, as virtual threats develop rapidly with new technology.

What’s more, setting a positive example, by either taking charge of security or nominating a professional to do it, communicates to your employees how important cybersecurity is for the business.

Written by
Megan Bray

Select a topic: