5 Cyber Security Best Practices for your Community Organisation in the Wake of COVID-19

As a Community Organisation, it is becoming increasingly important to adopt a cyber security and privacy strategy – or at the very least, pass on some basic protocols to your staff to help ensure your data (and your clients’ data) is safe and secure. This fact has been illuminated of late with the outbreak of COVID-19, where strict isolation rules have seen many of us working from home in an effort to flatten the curve.

As a result, many organisations have switched to digital solutions in order to keep operating in a ‘business as usual’ manner, with both Zoom and Microsoft Teams reporting explosive user increases. Unfortunately, what hasn’t been highlighted nearly enough is the number of businesses struggling to keep up with or adapt to this change, with many putting it down to a lack of preparedness. Now, throw into the mix a dramatic increase in COVID-19-related malware sites and we’ve found ourselves in a bit of hot water on a universal scale.

So, what does this all mean for your Community Organisation?

Firstly, by reading this, I’ll assume it means you’re at least now aware enough of the cyber security threats that your community organisation may be facing. And if that’s all you take away from this article then I’ll consider my job done for today. However, if you’re looking for some actionable strategies that you can put in place today to help you and your staff members make a start in protecting yourselves, I implore you to keep reading.

Step One: Password Security

Do you use the same password for every site you visit and account you create? Whilst it seems an obvious way to remember your password, it’s actually one of the worst things you can be doing in terms of password security. If a hacker succeeds in stealing user email addresses and passwords from one site, it’s incredibly easy for them to then try the same login credentials on other sites. What’s even scarier than this? The fact that the most commonly used password is 123456. Yes, you read that correctly. Imagine just how easy it would be for a hacker to gain access to all of the secure data within your community organisation if an employee’s email password is the same as (and as simple as) their everyday Netflix login password.

So, what can be done? Having your team adopt a Password Manager such as LastPass is a step in the right direction. Effectively acting as a password storage vault, password management software allows you to generate strong, unique passwords for every site you visit, and store them securely without having to remember (or write down) each and every one. All you need to remember is your master password and you’re good to go – just make sure you follow Step Two and enable Two Factor Authentication.

Step Two: Enable Two Factor Authentication on Everything

You’ve probably seen Two Factor Authentication popping up everywhere on different online services you use. Essentially, this is an added layer of security that prompts you to authenticate that it’s actually you signing into the account. This can generally be enabled through 3 main methods (depending on which is available in each platform):

  • Authenticator Phone Application such as Google Authenticator – These allow you to run authentication for multiple accounts from the one application, providing you with codes that time out after 30-60 seconds;
  • SMS Authentication – When your login information is entered, a code will be texted to your mobile phone and you will be prompted to enter it in order to proceed; or
  • Email Authentication – Similar to SMS Authentication, Email Authentication follows the same process although the code is sent to your primary email address instead.

You’ve probably also noticed that this is generally an optional service and not activated by default. For this reason, we recommend you (and your staff) go through all of your accounts and activate Two Factor Authentication, starting with the new LastPass account you’ve just set up to manage your passwords!

Services such as Microsoft Office 365 allow your Administrator to enable Two Factor Authentication as an organisation wide policy, and force your staff to set it up when they try logging in next. This, in my experience, is an efficient way to get everyone within your community organisation utilising consistent cyber security protocols.

Step Three: Don’t Click the Link!

Remember those aforementioned COVID-19-related malware sites? Traffic to these sites is generally attained through fraudulent emails that pose as companies or services they are not. The hackers behind these tactics are sending these fraudulent emails and links to thousands – if not millions – of people, hoping that you or I or somebody else mistakes it as legitimate and clicks on the link. What happens next? A multitude of different things can occur depending on the hacker’s intentions. This could include installing Malicious Software (Malware) on your computer or directing you to a fake form designed to steal your information.

Unfortunately, there’s no surefire way to avoid receiving these emails or having yourself or your staff click on one of the links. There are, however, a few things you can remember and pass on to your staff:

  1. If the email looks suspicious, check the sender’s email address for authenticity;
  2. Have staff forward suspicious emails to Managers or Directors for review;
  3. Don’t open unknown attachments (these can often contain Malware); and
  4. Avoid sharing sensitive information such as account passwords or information through email.
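For whoever reviews forwarded emails, the sender check in item 1 can be partly automated. The following is an added example, not part of the original article: the trusted domain `communityorg.example`, the function names, the 0.85 similarity threshold and the sample messages are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation's own mail domain and the name staff expect to see.
TRUSTED = {"communityorg.example": "Community Org"}

def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()

def sender_warnings(raw_email: str, trusted=TRUSTED) -> list:
    """Return reasons to distrust the sender shown in a raw email's headers."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    dom = domain_of(addr)
    warnings = []
    if dom not in trusted:
        for good, brand in trusted.items():
            # Display name borrows a trusted name, but the address is elsewhere
            if brand.lower() in name.lower():
                warnings.append("display-name-mismatch")
            # Domain is nearly, but not exactly, a trusted one (e.g. "rn" for "m")
            if SequenceMatcher(None, dom, good).ratio() >= 0.85:
                warnings.append("lookalike-domain")
    # Replies would go to a different domain than the one shown as sender
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != dom:
        warnings.append("reply-to-mismatch")
    return warnings

# Constructed sample messages (headers only, then a one-line body).
SUSPICIOUS = (
    'From: "Community Org IT Support" <helpdesk@cornmunityorg.example>\n'
    "Reply-To: it-support@freemail.example\n"
    "Subject: COVID-19 remote access update\n\n"
    "Please confirm your password.\n"
)
LEGITIMATE = (
    'From: "Jo Citizen" <jo@communityorg.example>\n'
    "Subject: Roster for next week\n\n"
    "See attached.\n"
)

if __name__ == "__main__":
    print(sender_warnings(SUSPICIOUS))
    print(sender_warnings(LEGITIMATE))
```

An empty result is not proof of authenticity, because the From header is supplied by whoever sent the message; treat this as a quick filter alongside the other items in the list.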

Most importantly, recognise that mistaking illegitimate emails for real ones can and does happen. It’s no one’s fault, and if anything will just help you to recognise loopholes for future security planning.

Step Four: Invest in Cloud Security Software

Protecting your company computers from malicious activity and threats is another line of defense that is often understated. Ensuring your staff are all set up with organisation-wide malware scanning software helps to minimise the impact on company equipment if malware or other exploits do manage to infect the system.

This kind of software does come at a cost – particularly when looking at organisation-wide options. Whilst more expensive, cloud-based options allow the Administrator to set various policies online that are in turn rolled out to staff systems. This is particularly important in times like these, where site access restrictions need to be upheld regardless of the location in which we work.

Step Five: Embrace the Change

The online environment isn’t going anywhere. In fact, if recent events have taught us anything, we need to be prepared for anything as business leaders when it comes to operating in the digital space. Although cyber security strategies and protocols can be overwhelming, they don’t have to be. Oftentimes, it simply comes down to common sense and taking basic precautions to ensure you and your staff are all on the same page. Integrate cyber security discussions into your weekly or monthly meetings and training sessions, and have your team embrace change with you.

And there you have it. 5 very simple steps that you can start following right now. As you start working through these steps, you will start to recognise how the little things can help towards protecting yourself, your staff and your organisation. I guarantee you will feel empowered and want to explore what else you can do to help tighten the ship. It’s one thing to be cyber security aware – it’s another to start taking action. Don’t let the hackers win!
