Additional cybersecurity tips for teleworking during COVID-19

Since the COVID-19 pandemic is far from being over and many SMEs are still working remotely, we decided to re-share some interesting take-aways from the SME online workshop held last 25th of May, by cyberwatching.eu in collaboration with DIGITAL SME France, which aimed to raise SMEs’ awareness about the cybersecurity issues of teleworking.

The workshop was held in French and allowed to reach the target audience of French-speaking SMEs, mainly located in Eastern France and Luxemburg. Deborah Goll (European DIGITAL SME Alliance) as member of the cyberwatching.eu consortium, presented the project and its activities to the participating SMEs. The participants learned about the cyberwatching.eu Marketplace and its benefits for both end-user SMEs to find and test innovative solutions, as well as for provider SMEs to showcase their cybersecurity services and solutions. In addition, the participants were encouraged to test their cybersecurity knowledge and security level by taking the online cybersecurity self-assessment test for SMEs, that cyberwatching.eu developed in collaboration with the European projects CYBERWISER.eu and SMESEC. Finally, the participants were shown the online access to guides for SMEs on the cyberwatching.eu website.

This workshop, taking place a few months after the outbreack of the health crisis, when COVID-19 and lockdown forced companies into teleworking without having time to anticipate cybersecurity issues, was very timely and appropriate. Since the beginning of the COVID-19 pandemic, companies have thus been facing an upsurge in cyber-attacks from cybercriminals who have been taking advantage of the situation and exploiting the many security vulnerabilities of companies, especially SMEs. The workshop was held by two experts in digital security, Etienne Laveau, Director of Steel PC, an SME which provides IT solutions and equipment  to other SMEs, and Dominique Lo Sardo, Associate Managing Director of OpenField, a management consulting firm specialized in information systems.

During the first part, participants got an introduction to cybersecurity and cyber-attacks. The experts spelled out the consequences of a cyber-attack on companies, and even more on SMEs, highlighting the many potential repercussions, such as slowing down or even stopping the company's activity and/or production, blocking the company’s website, damaging its reputation, losing its customer database, losing market share, etc. The experts then explored the level of risk awareness among participants, describing the specific risks and cyber threats related to teleworking: phishing, ransomware, data theft, Business Email Compromise (BEC) scam, to name a few, and explaining what kind of vulnerabilities might be exploited by cyber criminals. For example, teleworking increases tremendously the attack surface of a company, which includes all the access points of a network that a hacker could use to enter the company’s system.

Finally, participants got security recommendations from the experts, who stressed that the best defence against cyber-attacks is awareness. Participants were advised to:

• Never use a public or open network as they are often used to launch attacks against the company
• Use a VPN (Virtual Private Network) to access the company's resources
• Install a properly configured firewall when possible
• Regularly update the software
• Check that the antivirus is up to date
• Immediately notify the IT department in the event of a suspicious behaviour (even if minor)
• Lock their PC when not in use
• Hide their camera when not in use
• Immediately notify their IT department if they misplace their PC or phone
• Use strong passwords and delete all their post-it notes with a password on them
• Define and implement an internal policy for teleworkers
• Monitor the activity of their external accesses.                

At the end of the presentation, participants had plenty of time to ask the experts’ questions about cybersecurity issues. For example, one of the participants asked about the experts’ opinion on a famous and widely used anti-virus software which is free of charge. The experts were unanimous: such software may be free of charge but it can collect one’s data.

If you missed out on this insightful workshop and would like to know more on how to work remotely while guaranteeing your company’s system and data security, have a look at this short guidebook developed by the two experts of this workshop, where you will find a summary of the key action to mitigate these cyber risks.