Take care when communicating with customers and your team online
As businesses of all sizes quickly move towards remote working arrangements a common question we’re hearing is:
“How can we move the stuff we do in person online?”
Most small businesses have been looking at online communication platforms as alternatives to their normal face to face practices.
If you’re looking at these solutions on behalf of a business you’ll rightly be weighing up the features of each trying to find the one that best fits your needs.
While quick decisions are needed right now, it’s important to keep in mind the security risks of any new technology you bring into your business.
Verify the people you’re communicating with
With any technology your business uses to communicate, it’s possible for others to use the same technology to mislead someone into thinking they’re being contacted by your business. As you start to use new methods of communication, ask yourself the following questions:
Is there a way for someone to be impersonated using this technology?
Can messages sent using this technology be verified as legitimate?
Email is commonly abused to trick people into doing something dangerous (e.g. clicking a link, opening an attachment, changing banking details or sharing sensitive information). Many businesses put in place additional filters and security measures to stop harmful messages from getting through. You may not always be able to do the same on every communication technology you use in your business, but being aware that this type of thing is possible and encouraging your team to keep an eye out can help.
Email scams have been getting so bad in recent years that some businesses have introduced processes to verify more sensitive communications as legitimate in person with the sender. If your business has processes like these, take a moment to make sure they can still be followed if your team are working remotely. Also, consider how your customers/clients can do the same with you if they receive a message from your team.
How will you verify messages if no-one can answer their office phone?
Online communication solutions are designed to make it easy for you to connect with people. As a result, their default security and privacy settings are typically quite open, increasing the risk to your business. It’s well worth the little time it takes to look at the settings of each technology you use and looks for ways to increase its security.
Securing business communication services
Staying connected is one of the most important things to do when working remotely. Popular services like Zoom, WhatsApp, Microsoft Teams/Skype and Google Hangouts are amazing solutions allowing us to connect with others without the need to leave the comfort of your own homes.
The power of being able to speak, share documents, present, record and share ideas via communications platforms is pretty damn cool!
What’s not cool is having an undesirable guest show up to our virtual meeting rooms particularly if your business is typically private. Online pilates, gym and barre sessions are becoming increasingly popular as people #stayathome.
Having a stranger show up to one of these sessions will quickly lead to discomfort amongst your clients. If your business is a law firm, therapist, health clinic, insurance company or really anyone holding meetings virtually, your client’s trust would similarly be impacted if your discussions weren’t kept confidential.
Tips for securing communication services
As with all online services, enable multi-factor authentication wherever possible.
Look for a private space to have confidential meetings.
Use a headset during meetings for your ears only.
Disable guest access and restrict domains that can attend if you’re using a platform for internal communications only.
If contacting people outside of your team, you might want to consider:
Using unique meeting IDs and setting a password
Limiting who you share your personal meeting ID with and never sharing it publicly.
Setting meetings so external people need to be approved to join.
Configuring the ability to remove people from meetings.
Using a waiting room, so people cannot join before the host.
Disable features that accept meeting invites automatically.
If you’ll have a number of unknown people joining a meeting where you’ll be presenting proprietary information, look into the use of audio signatures and screen share watermarking.
Consider your policy on recording meetings, in particular when you’ll ask participants if it’s ok to record the meeting. Remember it can be illegal to record private conversations without consent in certain states and territories.
Consider where conversations are stored and for how long. This is particularly important if your conversations contain sensitive information.
You can find more details on how to complete each of these steps in our Cyber Fitness Platform.
Securing business collaboration platforms
Collaboration platforms, like Slack and Microsoft Teams, are a fantastic way to share information, discuss topics and of course gossip. They can also be a place where cybercriminals will trying to weasel their way in to gather information about your business and to get you to click on malicious links and attachments.
Sometimes these platforms can be used to harass and bully members of your team. Although not purely a security concern, this type of behaviour is unfortunately common, and be hard to spot if your team are all working from home.
Tips for securing collaboration services
We’re starting to sound like a broken record but please use multi-factor authentication where possible.
If you collaborate with external people, you should consider:
Ways to clearly identify where people in your group are from (e.g. who’s part of your team).
How you’ll privately share a link to join your group to make it hard for cybercriminals to discover it.
A code of conduct or rules for the group to ensure that there is no funny business.
Make sure you know where to go to check logs in case something goes wrong. Also, make sure you know who has to access to these logs.
We can guide you through these steps in our Cyber Fitness Platform.
Communicating changes to your business
Once you’ve secured your communications and collaboration platforms, make sure you’re clear with staff, suppliers and customers about how you’ll be communicating with moving forward.
Communicating these changes clearly and carefully will not only make future communications more likely to make it through but also help those you communicate with treat messages coming from other places as suspicious.
Tips for communicating changes
Publish a statement explaining the changes on your website and include it in your email signatures. The statement should include:
Details of how you’ll communicate
Details of how you will not communicate
Share guidance with your customers about steps they can take to protect themselves. (See our Cyber Fitness Platform for sharable templates)
Update instructions on how to verify communications are legitimate and where to report anything suspicious.
If you’re unlikely to be returning to your office for a while, consider removing online references to your physical address. This could reduce the chances of a break-in resulting from you publishing you won’t be around.
Communications and Collaborative platforms are incredibly powerful for a business, and completely necessary for those of us now working as distributed teams. While no system is ‘hacker-proof’, taking a bit of care upfront by following the above tips can go a long way towards keeping your business cyber-fit.