The spread of the novel Coronavirus (COVID-19) is forcing many organizations to require their employees to work remotely. While it might mean that we can work comfortably from our home, this also puts our cyber security at high risk as the world is now seeing a huge spike in Corona themed scams, text messages, malware attacks, phishing activities and more. New hacking campaigns are lunched rampantly, targeting everyone from the healthcare industry to enterprise employees with fake websites, fraudulent emails and misinformation.
Many of the employees who are working from home are using insecure data networks. A lot of them are not maintaining same security level as they would in the corporate network which puts significant security threats to company data and IT assets. Employees may be accessing sensitive company data as well as personal information of individuals. Exposure of such data can lead to adverse consequences for an organization.
Every time an employee connects to their corporate network from home, it creates a possible access points for the cybercriminal to exploit. This makes the job for cybersecurity team extremely challenging. The only way to minimize cyber threats while working from home is by ensuring individual security measurements.
Here are our key tips to ensure your network and data as safe as possible.
Coronavirus related Phishing Attempts
Many employers send out daily email updates to keep their employees informed about Coronavirus related company policies. These emails often contain links or attachment relevant to company policies. Given the sensitive nature of these emails, employees are often quick to click on the links or open attachment.
Employers should recognize that phishing emails disguised as coronavirus updates or as updated company policies may deceive employees. Basic practices like re-checking the sender’s email address, looking out for typos in the content and simply making a phone call to relevant personnel before proceeding with the mail can help protect from an attack.
Use trusted communication platforms
Most interactions such as meetings, file sharing or document exchange will be done online while working from home. To ensure security while communicating sensitive and confidential information, companies need to use encrypted communication platforms only. It is the responsibility of the organization to provide secure data & file sharing platform.
Only use work devices
Using only work devices for accessing company network or data has many benefits.
Often there is a number of software installed in the background of company IT infrastructure that keeps the entire network secure from cyber-attacks. In case of an incident took place on an employee’s personal device, it is more likely that this device is less secure than company authorized device.
Personal devices that are not configured with security systems (e.g., company-sanctioned anti-virus, password protection technologies or secure network connections) increases the risk of exposure to cybercriminals in case of downloading or saving sensitive company materials in those personal devices, phones, hard drives, computers or even in the cloud (e.g. Google Drive, Dropbox etc.).
In addition, personal devices are often more susceptible to physical breaches e.g. leaving it at their home, car or at restaurants.
Update security software
Make sure to install antivirus or cybersecurity software to ensure protection against breaches or ransomware or malware campaign. This is more crucial to deal with phishing emails with links. If an employee mistakenly clicks a phishing link or tries to open a malicious attachment, the security software, in most cases, can warn the user and block access to the site. Often it is a good practice to add the software as an extension on web browsers. It’s also best practice to scan and update software on regular basis so that vulnerabilities are identified quickly.
Keep home network secure
When working from home, your home network must be protected. Try these following steps:
- Use a difficult password for your Wi-Fi connection
- Turn off SSID broadcasts in your router
- Use MAC addresses filtering option of your router which will make much harder to exploit your home network
- If your router has option, set up a guest network with different security rules to separate networks for your work and personal usage
Organizations should remind the employees that in case of a possible security breach while working from home, they should inform the organization’s designated cyber incident response team or cyber security team without delay to minimize damage.
- Using multi-factor authentication upon each login to a company portal.
- Only allowing remote access through a virtual private network (VPN) with strong end-to-end encryption.
- Prohibiting working from public places, such as public transportation or restaurants.
- Prohibiting use of public Wi-Fi.
- Imposing additional credentialing with respect to the ability to download certain sensitive data.
- Important files should be backed up regularly.
- Practice screen lock when not working.