The COVID-19 pandemic has launched us head first into a world of uncertainty - physically, emotionally, and economically. While many workers are fortunate enough to work from home during this challenging time, hackers are capitalizing on the new, often unsecure, environment remote work has created. If you are working from home for the foreseeable future, there are some things you should know about the new state of cybersecurity and what you can do to protect yourself and your company.
Increased 'Phishing' Scams
One of the most common cybersecurity tactics is known as 'phishing'. Phishing involves sending emails claiming to be from reputable companies or contacts in order to entice individuals to reveal personal or confidential information. Due to a larger work from home (WFH) workforce and a heightened sense of fear, hackers are wasting no time exploiting the COVID-19 crisis. Common phishing tactics include leveraging health-related interest as well as spoofing a company's HR or IT department to elicit link clicks.
Additionally, remote workers are at greater risk of cyber attacks by using personal devices to access corporate resources or allowing children to download and access programs on company devices.
Employees: How to Protect Yourself
- Enable Multi-Factor Authentication (MFA)
Multi-Factor Authentication requires a user to present two or more pieces of evidence in order to access a program or application. By requiring multiple credentials from a user, it really amps up the security and protects from fraudulent access.
- Practice Good Cyber Hygiene
Ensure your devices, such as your home router and laptop, are up to date on anti-virus protection (Harvard Business Review).
- Use Passwords and Waiting Rooms for Zoom Conference Calls
Many organizations are using a program called Zoom to hold conference calls and team meetings. You can prevent 'Zoom bombing' and other unwanted attacks by creating passwords for your meetings or utilizing the waiting room feature.
- Exercise Caution with COVID-19 Emails
You should exercise caution with any email you open but COVID-19 emails are especially susceptible to phishing right now. Any email with a COVID-19 subject line, hyperlink, or attachment should be thoroughly scrutinized before opening and clicking (Department of Homeland Security).
- Only Use Secure WiFi
You are likely working from your home as-is, but if you are at a place where you can access unsecure WiFi connections, we strongly recommend against it.
Employers: How to Protect Your Employees and Organization
- Provide Ongoing Security Awareness Training
The majority of cybersecurity attacks are the results of employees clicking suspicious links. You can prevent a great deal of attacks by properly educating your staff.
- Make Sure Virtual Private Networks (VPNs) are Fully Patched
Many organizations are requiring their remote employees to access the company network via VPN - which is great. However, your IT department should be diligently monitoring and patching these networks, especially during a time when hackers are actively pursuing them.
- Ensure High Level of Security for Personal Devices
When possible, employees should only be using company-issued devices. However, if an employee does have to use a personal device to conduct business, the device should have the same level of security as a company-owned device. You will also want to keep in mind the privacy implications of personal devices connecting to business networks (CrowdStrike).
At the end of the day, we are all in this time of uncertainty together. Our goal as a web agency is to educate you on cybersecurity best practices and encourage you to remain diligent now and in the future. Practice caution with each email you open and website you visit. If you need assistance with cybersecurity, managed hosting, or business continuity planning, contact the experts at Informatics.