With the World Health Organization (WHO) announcing Coronavirus Disease 2019 (COVID-19) as a pandemic, organizations worldwide are being asked to shift to a remote workforce to curb its spread. Capitalizing on the situation are hackers and other malicious actors; targeting and luring people by setting up phishing or malware traps.
Since January 2020, the number of COVID-19-related cyberattacks has increased. Hackers are playing on the coronavirus fear to inject systems with malicious entities such as the Emotet, FormBook trojan, TrickBot, BabyShark and many more. The spate of coronavirus-themed scams has prompted safety warnings by the WHO, the US Federal Trade Commission (FTC), and the Centers for Disease Control and Prevention (CDC).
For many industries, working with the new distributed workforce is forever changing the business and technology; introducing a whole new set of operational, customer/employee support, and cybersecurity challenges.
Cybersecurity in the time of COVID-19
In these troubling times, while workers are not safe to step out; organizations need to beef up security measures to prevent further cyberattacks.
The main security risks for employees and organisations:
- Social engineering attacks
- Phishing and Whaling attacks
- Online vulnerabilities
- Utilizing new tools
- Vulnerability of personal data
- Social and business networking
Business Security
Businesses should ensure that their business continuity plans also include updated security protocols.
- Update/Patch: Ensure all your security protocols, policies, and devices are up to date and install the latest security patches. Support your remote workforce by providing secure and up-to-date devices.
- Training staff and user security awareness: Reintroduce your team to security protocols and remote working best practices. Invest in security training to help your employees recognize malicious content and prevent further cyberattacks.
- Review your remote working security measures: General security hygiene or housekeeping techniques to protect login credentials and define how users access and share data. Put necessary security protocols and processes in place
- Review your enterprise application security: Measure your app security posture, identify gaps, prioritize risks, and develop a roadmap to increase your application security maturity.
- Implement a zero-trust approach: strengthen identity and access control, trust no user, device, or system by default. A zero-trust approach ensures that every end-point connection is validated/verified inside and outside of security perimeters.
As your workforce prepares for working from home, Entersoft recommends the following do’s and don’ts and cybersecurity best practices for working remotely:
DO’s
Enable device security: Update all your devices and end-user machines and install necessary security patches. Install anti-virus scanning software and frequently run anti-virus scans. Encourage your staff to perform general ‘housekeeping’ of passwords across all applications. Use hardened operating systems to
- Update cloud/network security: Make it easier for your employees to access secure applications by preparing a list of approved cloud vendors. Adopt two-factor or multi-factor authentication along with hardware tokens to log into all SaaS, mobile, and cloud applications. Enable updated Virtual Private Networks (VPNs) to encrypt web traffic and frequently rotate VPN keys and passwords.
- Follow basic
cybersecurity protocols at home:
- Ensure and maintain proper data bandwidth.
- Take frequent backups of all your workstations.
- Reset default WI-Fi and router passwords.
- Employees are not to store any company information on personal devices or unapproved cloud services.
- Take inventory of all devices connecting to your network.
- Log out of all work-related platform when not working, even at home.
DON’Ts
- Don’t open any malicious content online: Keep an eye out for phishing emails like weaponized document macro, weaponized document office exploit, emails with a link to malicious websites or emails containing malicious executables. Do not open any malicious sites or torrents on your work devices, even while working on a home network. Check the validity of an app or desktop tool before installing it on your devices.
- Don’t leave any device unattended: Do not leave any work device unattended when working in public places. Lock the screen if stepping away.
- Don’t share work devices: While working from home it is easy to share your devices with other family members or peers. Employees should neither share their work devices with unauthorized individuals nor use it for any personal work.
- Don’t connect to public Wi-Fi: Remind employees to not connect to any unprotected or public Wi-Fi systems while working. If necessary, use personal hotspots or encrypt the web connection.
In these unprecedented times, Entersoft is here to guide, secure, and support your organization and the growing remote workforce. Get in touch with our team to know more.
Most importantly – stay safe and healthy!