With a second lockdown a very real possibility, are we in danger of further cyber security threats? Richard Forrest, Senior Associate at Hayes Connor discusses
The UK government has put new regulations in place from 14 September, restricting social gatherings to no more than six people, indoors and outdoors. This is potentially the most drastic restriction to date, as it has become illegal to do so with the threat of a £100 fine. But what does this mean for the UK’s cyber security?
COVID-19 changed the way we live and work at the drop of a hat, meaning companies and individuals alike have had to adjust to a new way of life. This increased our reliance on technology which, in turn, increased our risk of falling victim to data breaches.
Now, with people heading back into a lockdown-esque situation, experts within the field fear that individual data breach claims may become more and more sought after. But why exactly is this, and how can we tackle the inevitable cyber security issues we face as COVID-19 progresses?
Why is Cyber security a bigger problem with remote working?
I’m sure you’ve heard it said many times by now; remote working makes cyber security threats much more likely. That said, you’re probably wondering why this is, so let’s answer this question here.
For starters, transitioning speedily to a remote working situation without having the proper infrastructure to do so was risky. That said, this couldn’t be helped, as the government made sure it was a necessary step to contain the pandemic.
The smartest business owners chose to adapt to ensure their company and clients were as safe as possible during this time. They made sure to invest that extra time and money into transitioning everyone effectively for a long-term work from home structure. Employers that did so made sure that their employees:
- Were working on a VPN: home Wi-Fi poses the risk of being easily hacked into, so accessing company information through connecting this way is a risk. Instead, a VPN provides a secure internet connection which is much more difficult to hack into.
- Were working on company laptops: personal laptops are much less secure than work laptops as they often have little security, and are usually outdated, making them much more likely to risk cyber-attacks.
- Had malware protection installed on their laptops: most personal laptops will have minimal malware protection installed, if at all. So, anyone working on them are at a much greater risk of falling victim to hackers. For those who could not provide company laptops, being sure that all staff were working on a protected home laptop was key.
- Updated their laptops frequently: it’s thought that those who keep their devices consistently updated are less likely to experience an attack. Being sure to do this, and that all employees do the same, was paramount.
That said, many company owners did not adapt, and still haven’t done so, leaving their data at even greater risk. This might have been due to a lack of time during this stressful period, a lack of funds to do so, or a lack of knowledge on the gravity of this situation.
Either way, a large number of small businesses are still unequipped with the necessary tools and knowledge to successfully avoid a breach. It’s also thought that over 77 percent of UK companies do not have an incident response plan. So, if the eventuality occurs, a plan of attack is lacking.
Other reasons why the pandemic increased the risk of cyber threats
It’s not just working from home that poses a larger threat to companies. The world became drastically more reliant on technology when lockdown hit, resulting in people changing their habits all together. Now, people have been, and are still:
- Communicating predominantly through video chat software, like Zoom and Facetime.
- Shopping online more so than before.
- Using test and trace, and therefore handing personal data over to more businesses, many of whom will not be used to handling customer data in this way.
- Downloading apps to order food in pubs and restaurants.
- Spending a lot of time at home, so becoming a lot more susceptible to scam emails and phone calls.
To top this off, the number of home devices in the UK are increasing, leaving people more and more vulnerable every day. What’s more, smart homes are becoming the norm, so the question is are they listening to you?
Richard Forrest, Senior Associate at Hayes Connor, the UK’s top data breach claims solicitors, said: “For decades now, we’ve become more and more reliant on technology to get us through each day. Over the past few months, though, the level of this reliance has spiked, leaving every one of us at greater risk of falling victim to a data breach.
“Lockdown altered our habits, be it our daily communication, our use of social media, and the use of streaming services to keep us entertained. These new habits have been, and still are, increasing our exposure to potential cyber threats.
“This also puts companies more at risk, for a number of reasons. Individuals may have been using work laptops for personal affairs, exposing company data to potential malware. Alternatively, for those using personal laptops to work, any malware that makes it onto our home devices from their increased usage may then mix with company data.
“Either way, we’re now in a melting pot of potential cyber threats. This is why it’s so important, now more than ever before, to take the necessary action against them.”
How Can we Avoid Cyber Security Threats Whilst Working from Home?
As you can see, the seriousness of this can’t be overstated, which is why individuals and companies alike must take the action to protect themselves. But, how exactly can you put this into action?
What Can I Do as an Employer?
As a company owner, you have a responsibility to ensure your data is protected, and your staff are in-the-know. So, let’s firstly talk about what you can do as an employer to avoid the threat of data breaches within your company. These tips should be in place even without people working from home, but are especially important now:
- Provide secure passwords on the arrival of new employees.
- Set up multi-factor authentication on all systems.
- Set up all work PCs and laptops so they go to sleep automatically after a couple of minutes without use.
- Install malware security software on all computers.
- Provide work laptops.
- Provide training sessions on all things GDPR, including how to recognise malicious emails, how to send an email correctly to avoid a data breach, how to handle company information, and more.
- Be sure to monitor all of your accounts regularly, including emails and bank accounts.
- Contact the correct organisation if you are notified of or detect any suspicious activity.
- Make sure your company has a VPN, and that all of the staff are connected to it for everything work related.
- Use PayPal when providing or paying invoices from any unknown entities.
What Can I Do as an Employee?
Although it won’t necessarily affect you personally if your company is data is breached, it is your responsibility to ensure this doesn’t happen, for the sake of your company and your job. So, here are some actions you can take, as an employee, to protect the data where you work:
- Use the secure password provided by your work colleagues on arrival for everything work related.
- Don’t divulge any business information to anyone outside the company.
- Be sure to update your devices and software regularly when suggested to do so.
- Don’t use your work laptop for personal things.
- Don’t use your personal laptop for anything work related.
- Let your employer know if you notice any suspicious activity.
- Don’t overshare online.
- Use https:// URLs when browsing to ensure they’re secure.
- Be sure to stay on the VPN for anything work related.
- Shred any sensitive documents.
What to Do if You’ve Been a Victim of a Data Breach?
Although many companies have been, and still are, going back to normal by sending people back into the workplace, everything has changed. With the continuation of so many people working from home, it’s down to you to do your bit to ensure your company remains safe from any cyber security threats.
That said, even with all of these actions taken into consideration, the threat of exposure is always there. So, if you or your company has been a victim of a data breach, be sure to get in contact with a solicitor as soon as possible. They will be able to advise you on your next steps, and allow you to seek compensation for any consequences faced.
Ultimately, if you follow the steps above, you should remain as safe as possible whilst working from home. The question is, have you put all of these safeguards in place to avoid falling victim?
Read the latest edition of PCR’s monthly magazine below: