SCOTTISH businesses are being advised to put in place stricter rules around passwords to protect staff and systems, as the country switches to home-working amid the coronavirus pandemic.
Following UK Government advice for businesses to work from home where possible, due to the rise in cases of COVID-19, the Scottish Business Resilience Centre (SBRC) is warning employers how this can increase an organisation’s vulnerability to cyber-attacks.
This was demonstrated just weeks into the COVID-19 outbreak, with scammers already capitalising on fear and system frailties, and scams relating to the virus costing UK businesses nearly £970,000.
SBRC is advising businesses to quickly and easily increase their security by using password manager software and implementing a two-factor authentication.
Declan Doyle, Ethical Hacking Consultant at SBRC, said: “We’ve seen a huge increase in the number of phishing scams since the outbreak of the virus – including fraudulent emails targeting businesses about fake Government tax rebates and Coronavirus funding.
“Criminals are very smart, and as much as we can find, identify and shut down scams, the best course of action is to tell people what to look out for and give them advice to follow to minimise the risk of falling victim to these traps. Increasing your online security is one way to do this.”
Eamonn Keane, Chief Operating Officer for Cyber and Innovation at SBRC, said: “The last thing any business battling the impact of coronavirus needs right now is a crippling cyber-attack.
“The prospect of thousands of temporary home workers, potentially accessing a range of vital business servers and applications from vulnerable home internet connections, or using old or inadequate laptops or PCs, is a scary one.
“One of the easiest ways for businesses to avoid cyber-attacks is to set up a password manager to secure, store and generate passwords for your team which can be accessed across various devices.
“Attackers use different techniques beyond hacking to discover passwords, including phishing, automated guessing using the most commonly-used passwords, manual guessing and intercepting networks. Password managers and two-factor authentication can easily put a stop to a lot of these tactics.”
Andy Maclaren, Head of IT Services at SBRC partner, Consider IT, said: “Password managers typically generate a long, secure and unique password for each website a user logs into, avoiding reusing passwords across different websites.
“This way, if a particular website’s database is hacked or leaked, attackers won’t be able to use the same log in details to access all of the other services your email address has signed up to.”
Two-factor authentication asks users for their password as normal, but also asks users to provide a second piece of information such as a code sent to an email address, or a fingerprint scan on a phone.
Eamonn added: “Two-factor authentication is just another way of ‘double-checking’ you are who you’re claiming to be when you’re logging into business accounts – meaning even if someone hacks or gains access to your password, they won’t necessarily be able to access your accounts.
“At SBRC, we endeavour to maintain Scotland’s reputation as a safe place to do business, so we will do everything we can to keep our partners, members and the public as up to date as possible in these uncertain and ever-changing times.”The Scottish Business Resilience Centre is a non-profit organisation which exists to support and help protect Scottish Businesses.
To ensure Scotland remains a safe place to live, work and do business, SBRC will be regularly sharing COVID-19 developments and advice from Scottish Government, their partners and members as they happen.
Over the coming weeks SBRC will be holding a series of 60-minute webinars aimed at helping Scottish businesses prepare and survive the human and commercial impacts of COVID-19.
SBRC maintains a unique connection to Police Scotland, Scottish Fire and Rescue Service and Scottish Government, which gives the organisation exclusive access to the latest information to advise citizens and businesses how to interact safely.
Employers can also reach SBRC by emailing [email protected].