Independent Financial Advisers and insurance brokers with offices in Newtown, Aberystwyth and Shrewsbury have issued advice to businesses to help protect them from the emerging cyber security risks during the COVID-19 lockdown.
Rees Astley, which celebrated its 50th birthday last year, says cyber threats to businesses are evolving as employees work remotely from home during the lockdown.
Most of the company’s staff are working remotely, with a skeleton staff based in the three offices taking calls from customers.
“Remote working and new technology may not be as secure as first thought,” said Nick Jacques, from Rees Astley. “All industries are being targeted.
“Attacks are increasing because of the reliance on IT as remote access becomes critical to business operation. Home workers are an easy target for cyber criminals capitalising on the COVID-19 situation to exploit vulnerabilities.
“There has been a significant move to remote working and use of IT equipment normally located in an office environment. The disruption to employees and suppliers may expose vulnerabilities of any existing risk as new remote working practices will increase staff uncertainty.
“Logistical changes create opportunities for cyber criminals – disruption to work practices, staff shortages and financial pressures can lead to vulnerabilities.
“Where companies have adapted their business function to continue trading or have diversified their operations, there will be changes to normal business processes with communications and paperwork coming from unfamiliar suppliers. All of this creates risk and an opportunistic environment for cyber criminals.
“Many initial business responses to the COVID-19 situation will have had a negative impact on cyber security arrangements. By implementing a series of key actions businesses can reduce the threat of cyber-attacks.”
The 18 key actions recommended by Rees Astley to counteract opportunistic cyber threats are:
- Secure remote working arrangements.
- Monitor remote working and take action when issues arise.
- Ensure remote access systems are fully protected and resilient.
- Ensure normal security arrangements function in a remote environment.
- As key security controls may have been overlooked, review the remote technology you now have in place.
- Ensure the continuity of critical security arrangements.
- Understand which of your activities are critical and need monitoring closely.
- Consider freezing IT changes to critical systems if normal implementation cannot be followed.
- Check that remote updates and patches are working correctly.
- Update your response plan so it still functions in a remote environment.
- Put steps in place to counter opportunistic threats.
- Reinforce cyber awareness in your workforce so they are aware of these new threats and know how to respond to them.
- Install increased defences around your email system and workstations to mitigate the increased risk of phishing.
- Put safeguards in place so staff know how to authenticate requests for payment or sensitive data.
- Have a plan for quickly managing threats posed by individuals from within your company.
- Review your company incident plan to make sure it works for current working operations. Have a hard copy so everyone knows who the key contacts are and how to get in touch.
- Include numbers and special and mixed case characters in passwords.
- Run live backups regularly in addition to your normal backup system.