How to stay safe from cyber risk at home

With swathes of the population currently working from home for the first time,  cyber criminals see the disruption and concern caused by the coronavirus outbreak as a major opportunity.

Cyber criminals scam or introduce malware with the intent of committing fraud or holding people and businesses to ransom. The widespread increase in use of personal devices, and employees in their masses handling business data on computers at home, present inherent cyber vulnerabilities. Criminals are taking advantage.

The single most important thing that anyone can do to prevent falling victim to cybercrime or introducing malware to the work environment is to pause before clicking. If you are suspicious about an email or a call to action within an email (such as an instruction to fill in information or click on a link), delete the email and empty your trash inbox. You may also wish to contact your company’s IT support department.

Legitimate companies should never ask you for sensitive information without taking you through some form of security process. And be aware – some sophisticated criminals are capable of mimicking security processes.

If, for example, a supplier asks you to change payee details, you should call your pre-existing contact and check in with them. Use the number you have on file or go through a switchboard to make the contact – this way you know you are speaking to the real supplier. Avoid using any contact details included in an email you think may be fraudulent as this could allow a criminal to impersonate the supplier.

Finally, remember, financial institutions will never contact you and ask you to supply information. If you receive such a request, delete and empty your trash inbox.

Our ten top tips to consider are:

  • If you feel under time pressure, delete the email and don’t respond. Attackers often combine their messaging with some form of time pressure to take advantage of our natural fear of missing out.
  • Be suspicious of any email that doesn’t address you personally or uses an odd form of greeting.
  • Look out for emails that mimic a colleague or contact. If their email address seems wrong, or the way they are communicating is unusual, it may be a phishing email.
  • When visiting websites, https:// and a locked padlock in the address bar show a site is secure.
  • Consider blocking popups by changing the settings in your web browser.
  • Keep your web browser up to date. Web browser updates are issued to fix vulnerabilities that are known to be exploited. Not updating is equivalent to leaving a window open when you’re out of the house.
  • Secure your router using password protection and choose a password you don’t use elsewhere.
  • Enable the firewall that is inbuilt in the operating system (likely Windows or OS) of your device.
  • Enable encryption on mobile devices. It is a simple process, but if you’re unsure check the help function or perform a web search to guide you.
  • Back up to the cloud. It is easy, cheap, secure and reliable. This means that criminals who seize your data and hold it for ransom are less likely to succeed.

Finally, remember that you are always free to end any communication you think may be fraudulent – be it deleting an email or hanging up on a phone call. Phishing emails from criminals use a variety of methods, but familiarise yourself with the basics of cybersecurity and you’ll avoid being ‘hooked’!