The spread of the novel Coronavirus (COVID-19) is forcing many organizations to require their employees to work remotely. While it might mean that we can work comfortably from our home, this also puts our cyber security at high risk as the world is now seeing a huge spike in Corona themed scams, text messages, malware attacks, phishing activities and more. New hacking campaigns are lunched rampantly, targeting everyone from the healthcare industry to enterprise employees with fake websites, fraudulent emails and misinformation.
Many of the employees who are working from home are using insecure data networks. A lot of them are not maintaining same security level as they would in the corporate network which puts significant security threats to company data and IT assets. Employees may be accessing sensitive company data as well as personal information of individuals. Exposure of such data can lead to adverse consequences for an organization.
Every time an employee connects to their corporate network from home, it creates a possible access points for the cybercriminal to exploit. This makes the job for cybersecurity team extremely challenging. The only way to minimize cyber threats while working from home is by ensuring individual security measurements.
Here are our key tips to ensure your network and data as safe as possible.
Coronavirus related Phishing Attempts
Many employers send out daily email updates to keep their employees informed about Coronavirus related company policies. These emails often contain links or attachment relevant to company policies. Given the sensitive nature of these emails, employees are often quick to click on the links or open attachment.
Employers should recognize that phishing emails disguised as coronavirus updates or as updated company policies may deceive employees. Basic practices like re-checking the sender’s email address, looking out for typos in the content and simply making a phone call to relevant personnel before proceeding with the mail can help protect from an attack.
Use trusted communication platforms
Most interactions such as meetings, file sharing or document exchange will be done online while working from home. To ensure security while communicating sensitive and confidential information, companies need to use encrypted communication platforms only. It is the responsibility of the organization to provide secure data & file sharing platform.
Only use work devices
Using only work devices for accessing company network or data has many benefits.
Often there is a number of software installed in the background of company IT infrastructure that keeps the entire network secure from cyber-attacks. In case of an incident took place on an employee’s personal device, it is more likely that this device is less secure than company authorized device.
Personal devices that are not configured with security systems (e.g., company-sanctioned anti-virus, password protection technologies or secure network connections) increases the risk of exposure to cybercriminals in case of downloading or saving sensitive company materials in those personal devices, phones, hard drives, computers or even in the cloud (e.g. Google Drive, Dropbox etc.).
In addition, personal devices are often more susceptible to physical breaches e.g. leaving it at their home, car or at restaurants.
Update security software
Make sure to install antivirus or cybersecurity software to ensure protection against breaches or ransomware or malware campaign. This is more crucial to deal with phishing emails with links. If an employee mistakenly clicks a phishing link or tries to open a malicious attachment, the security software, in most cases, can warn the user and block access to the site. Often it is a good practice to add the software as an extension on web browsers. It’s also best practice to scan and update software on regular basis so that vulnerabilities are identified quickly.
Keep home network secure
When working from home, your home network must be protected. Try these following steps:
Incident Response
Organizations should remind the employees that in case of a possible security breach while working from home, they should inform the organization’s designated cyber incident response team or cyber security team without delay to minimize damage.
Additional tips:
Stay safe.