Coronavirus update: Cybersecurity in an era of working from home

As government-mandated lockdown comes into force, there are some existing risks to small business that could be felt more acutely if precautions aren’t taken. That’s right, it’s time to rethink your cybersecurity protocols.

Small businesses are already experiencing a financial downturn as a result of COVID-19.

Now, governments in Australia and New Zealand have announced further measures to restrict business activity to the bare essentials in a bid to prevent people meeting face to face and spreading the virus further.

This is resulting in an increasing number of workers and business owners reorganising their life around working from home.

Key COVID-19 lockdown concerns for small businesses:

• Lockdowns are in place, so priority #1 is figuring out how to continue trading, where possible
• For those who can do so, remote work is quickly becoming the norm, but this is causing challenges of its own
• Small businesses aren’t all prepared for remote work and may not be aware of additional cybersecurity measures that should be taken
• MYOB has offered 11 tips for improving your cybersecurity in lockdown below

And while that may be fine for those in larger organisations where systems and processes related to remote work have been in place for years, many small businesses are struggling to adjust.

“As we’ve watched countries across Europe effectively lock down their economies, it is becoming increasingly clear that businesses will be looking for ways to keep their operations running, and we should be providing support to enable them to do so,” said MYOB’s NZ country manager, Ingrid Cronin-Knight.

“Most SME’s will not have experienced a disruption to their business of this magnitude, and while technology has enabled more flexibility to connect in a virtual environment, many businesses will not have the knowledge or capability to implement such a significant change quickly and safely.

“Alongside the technical challenges of scaling up their work from home operation, are the risks – potentially very large – of securing these businesses against cyberattack.”

Cronin-Knight said security experts are warning about the risks of large scale moves to remote working, as cyber criminals seek to exploit the opportunity of more businesses moving online.

According to the MYOB Business Monitor survey of 1,000 New Zealand SMEs, almost a third (29 percent) of the nation’s businesses have been the victim of a cyber security breach in the form of malware, online scam, hack, phishing or ransomware attack.

The Australian Competition and Consumer Commission’s Scamwatch has also received multiple reports of COVID-19-themed scam texts being sent to the public, so it’s not hard to imagine government lockdowns will create an ideal environment for scammers, hackers and fraudsters.

Mitigating the risks to business of working from home

As working from home programs becoming increasingly prevalent to reduce the spread of COVID-19, cybersecurity will therefore become a key risk to be addressed by SMEs implementing this model.

MYOB’s head of product, SME, Dale Dixon says in the rapidly changing environment businesses should be as prepared as they can be for remote work, with clear guidelines on how to protect themselves and their businesses as best they can.

“If we follow the same path as many other countries and go into ‘lockdown’, businesses will look to keep their operations running by implementing remote working technology,” said Dixon.

“Not all businesses will have the knowledge or capability to implement a significant change to how they work quickly and safely.”

That’s because staff members working from home may not have access to the same tools and information an entire business has when planning cybersecurity measures, and the staff who would normally support them don’t have the same access they usually would.

There are several actions that SMEs can take to protect themselves online including updating all software with the latest security upgrades and patches, installing and updating firewalls on home services and using technology to enable password protection, such as 2-Factor Authentication (2FA).

In addition, it’s important to educate other home occupants, including kids, on the risks of scams, malware and phishing attacks that could infect devices.

Further, small business owners should seek to protect business communications by using a VPN or another secure communication method when connecting to your business over Public WiFi services.

“It’s important that all businesses consider the key security and continuity risks involved in transitioning to a remote working operation,” said Dixon.

Security recommendations for SMEs working from home:

1. Update all software and operating systems with the latest security updates and patches
2. Make sure firewall technologies are installed and configured appropriately on systems used at home
3. Keep all endpoint protection services, such as anti-virus and anti-malware software enabled and updated
4. Ensure routers and other telecommunications equipment don’t use default passwords and credentials.
5. Use multi-factor authentication (2FA) for all remotely accessible services and systems where possible (2FA creates additional security by requiring a one-use code generated by an authorisation app)
6. Update filtering for spam and malware on email systems
7. Make sure backups are in place on all key systems and data
8. Don’t store customer data without adequate security
9. Keep staff informed of all incident response procedures as they apply to remote working
10. Make certain that administrators or privileged users are aware and follow all security processes and procedures
11. Provide adequate security awareness training regarding staying safe at home