With most people working from home in lockdown, businesses are more exposed to cybercrime and need to take precautions, says Terence Govender, National Director of IT advisory, Mazars.

Govender was speaking at a webinar on ‘Cybersecurity in the COVID-19 work-from-home age’, hosted by inbound tourism association, SATSA, on April 3.

“People are more relaxed at home; remote workers do not have anti-virus and/or VPN software or personal firewalls on home computers, and they’re spending a lot more time online,” says Govender.

SMEs were a major target as they often did not have the budget to spend on security software, monitoring tools and resources; and they might offer online services with little protection, he added.

“30 000 websites are hacked daily; 75 records are stolen every second by hackers. 24% of data breaches are a result of human error.”

Mazars has put together a checklist of do’s and don’ts for employers and employees, helping them to avoid becoming one of these statistics.

What employers can do:

• Ensure laptops have up-to-date anti-virus software and that scanning of USB ports is enabled.
• Ensure the relevant Virtual Private Network (VPN) software is enabled and/or two factor authentication is implemented.
• Where possible, ensure hard disk encryption with maximum password requirements are applicable.
• Ensure that the remote work security policies are the same as working on the network in the office.
• Deploy collaboration software on laptops ahead of time and avoid staff downloading and/or configuring software independently or via written instructions.
• Remind staff to change passwords as per the password policy, but do not extend the period of password changes e.g. 30 days to 90 days.

What employees should do

• Ensure you are able to login to the network with a password.
• Do not plug foreign or unapproved memory sticks into laptops.
• Only visit websites that are work related or deemed safe. Check with your IT department if unsure.
• Report any strange emails or activities you notice with your laptop or PC.
• Load anti-virus software and personal firewalls on your private/personals computers.

What employees shouldn’t do

• Visit websites that are deemed unsafe or unfamiliar.
• Do any banking or transactions if the website does not have HTTPS: in the start of the URL.
• Provide any confidential information to anyone requesting it unless you have prior knowledge of the request.
• Respond to any emails that are COVID-19-related requesting information.
• Respond to any emails or requests for personal information or company-related information.