New Zealand's latest Covid.19 lockdown is a timely reminder to SMBs that pandemic disruption has a way to go yet, which
means it is time to move beyond the casual approach to work-from-home arrangements because it is a serious cybersecurity
risk to businesses.
Author of the book 'She'll Be Right (Not!) – a cybersecurity guide for Kiwi business owners – SMB cybersecurity expert
and managing director of Vertech IT Services, Daniel Watson, said sharing home WIFI with family members is problematic.
"For example, it is not unusual for teenagers in the home to download, stream and play games that could create a
backdoor for cybercriminals to access confidential company and customer data.
"A shared home WIFI network is logically on the same network as the rest of the family. It is not unusual for teenagers
to download content, play games or stream live content from dodgy sites like pirated TV platform CouchTuner.
"Dodgy sites are riddled with trojan software, which will use the family WIFI as a steppingstone to affect other devices
on the network. It opens a backdoor for data theft and ransomware.
Watson encouraged SMB owners and leaders to start thinking long-term about securing their staff's homeworking
arrangements because cybercriminals see New Zealand as a 'soft touch'.1. Ensure your team's home PCs are secure
Secure staff buy-in and then finance the installation of good anti-malware on all of your team's home computers.
"Encourage your people to have a conversation with their children and others in the household about what sites are not
appropriate and the high risks – not to mention illegality – of accessing pirated content," Watson said.2. Where possible segregate networks
Where possible, particularly when it comes to managers and C-Suite executives who have greater access to confidential
information, it is worth investing in equipment that protects the network.
"If you are able, install an additional router in the home to separate company devices from the home network."3. Educate your team
Implement a cybersecurity awareness training programme to make staff aware of threats to themselves and the company when
working on the home network.
The training programme should cover permissible security arrangements for the home, including company policies and
minimum standards.
"I would follow this up by removing 'local administrator rights' from staff machines because there should not be many
occasions where staff need to install new software on a work computer.
"It may be inconvenient, but it protects your company – and your staff – from the increasing number of cybersecurity
threats we are currently confronting," Watson said.
For more information visit: https://www.linkedin.com/in/daniel-watson-smb-cybersecurity-expert-07424b12/