Working from home can be challenging for a number of reasons.
You’ve got enough to worry about, whether it’s schooling your children, getting the angle right on your webcam, or making a sleek exit from that group conference call (cue close-up views of your colleagues’ faces, as everyone tries to locate the exit button).
Tip: if you’re the host, be a champ and end the call for everyone!
But jokes aside, the last thing you want to worry about is the really big, serious stuff, such as a cyber-attack compromising your systems and data. This could result in upset customers and endanger your startup’s future – particularly with the GDPR imposing fines of up to €20m or 4% of annual turnover!
So, to help you out, we caught up with our insurance friends at Digital Risks, to get their top tips on how to protect your business against cybercrime.
1. Secure your passwords.
Compromised passwords are one of the leading causes of data breaches – and one of the easiest to mitigate. When setting up access to systems and creating new accounts, be sure to create secure passwords and have a system in place to have your team do the same. There are plenty of password manager tools to help you with this, which can be extra helpful if some accounts need to be accessed by multiple people (but be extra careful to make sure that access to these passwords is strictly on a need-to-know basis).
Tip: Insisting on passwords being updated regularly isn’t enough. It often leads to people picking new passwords with only the slightest variation. Adding an extra number to a compromised password isn’t going to secure the account!
2. VC with care.
Video conferencing tools such as Zoom have experienced skyrocketing numbers of users since lockdown began. And while they’re great for facilitating meetings when working remotely, there have been a few bumps along the way. The web’s awash with stories of webcam crashers, lurkers and exposure of sensitive content – and not without good reason.
To avoid landing yourself in hot water, it’s best to take a few precautions. From sharing your conference ID sparingly to making use of the waiting room feature, Wired has put together a great guide to keeping Zoom chats private and secure.
3. Train your team to recognise risks.
While human error is often blamed for cyber breaches, many businesses fail to give their employees a chance. And although some threats are definitely too sophisticated and behind-the-scenes for most of us to detect, plenty are recognisable – when you know what to look out for. Falling victim to phishing in particular, which accounted for 90% of data breaches in 2019, can sometimes be avoided.
What is phishing?
Phishing is a form of social engineering in which a cyber criminal targets a victim, usually by email, posing as someone else (often a friend, colleague, or trusted organisation such as a bank) in order to extract personally identifiable information. The aim is then to use this information to gain access to money or valuable sensitive information.
You’ve most likely received, and recognised, a phishing email. Perhaps you received the obvious one, a few years ago, which was allegedly from a prince, asking urgently for a large amount of money. But many phishing emails are a little more difficult to recognise, so it can be a good idea to help your team, through training, to recognise these threats.
Tip: The National Cyber Security Centre (NCSC) offers useful interactive e-learning tutorials aimed at small businesses.
4. Never take anything at face value.
This one applies to so many situations, but in the context of cyber security, as with phishing, it’s all about being vigilant when it comes to emails. UK Finance’s Take Five to Stop Fraud campaign breaks this down pretty well.
In short: never trust an email at face value. Even if it appears to come from a reputable source, it’s worth erring on the side of caution. If it appears to be an email from a financially regulated company, you can check its authenticity through the Financial Services Register and scam Warning List. If it relates to a credit card, refer to the contact number on your card and call them up to confirm the legitimacy of the email. Better safe than sorry!
Tip: Rather than immediately clicking on a link within an email, hover over it to see the address – or right click, copy and paste it before heading to it. If anything looks odd, don’t press enter.
5. Limit apps on devices used for work.
With 1 in 36 mobile devices having high-risk apps installed, it’s important to have an overview and limit on the apps your team downloads on their devices, if they’re also being used for work purposes. This is because apps are often linked to unintentional data sharing. It’s a good idea to consider having your team make use of a ‘Work Profile’ (on Androids) – enabling them to separate work and personal apps – or the Google Device Policy app (on iOS).
And remember, no matter how many measures you put in place to secure your data, no one’s infallible. Having cyber insurance in place to protect your startup is never a bad idea.