Protect your organization from cyber-attack when working from home (COVID-19)
26 April 2020
During the global pandemic (COVID-19), many organizations have decided to work from home and have adopted remote work policies. This surge in remote work has created a gap in cybersecurity standards, and it’s becoming a growing concern. Cybercriminals are exploiting COVID-19 to target organizations and individuals.
Cybercriminals are taking advantage of our need for information when working remotely and are using the following methods to target individuals and organizations:
- Phishing Emails: Victims are being trapped using COVID-19 themed phishing emails that purport to deliver official information on the pandemic, luring individuals into clicking on malicious links that download remote access trojans (RATs) onto their devices.
- Social Messaging Apps: Social messaging apps, through which we communicate with our family and friends, are being used as a popular means of spreading malicious links in order to compromise mobile devices and exfiltrate sensitive personal data.
- Mobile Applications: Due to a lack of awareness, individuals are downloading unverified COVID-19 mobile applications from external websites (not from the authorized Google Play Store) without verifying their authenticity, leading to the compromise of sensitive personal data, passwords, etc.
- Fake Websites: According to WeForum, the global pandemic has led to the creation of more than 100,000 new COVID-19 web domains, many of which are malicious or suspicious.
Individuals who fall victim to the above compromise not only their own devices and data but also the entire organization’s network if they are connected through VPN or through other means, including the sharing of malicious links or mobile apps.
Here are some ways to be protected:
- Create an organizational culture of cybersecurity: Business leaders should work with IT and security teams to identify the likely attack vectors as a result of more employees working from home and discuss ways to protect the most sensitive and business-critical information. Ensure that the C-suite and IT team promote and support all employees practising effective cybersecurity policies and processes.
- Inform your employees: Periodic reminders of good password hygiene and being wary of phishing attacks will keep employees engaged and secure during these critical times.
- Secure your conference calls: When hosting conference calls, make sure the call is secure and limit the number of attendees. Check in with software providers to see what protocols they have in place and what adjustments need to be made.
- Incorporate the right tools: Intelligent tools in Microsoft 365 and Windows Defender ATP can harden your defence by automatically alerting on and responding to suspicious behaviours to keep your organization secure.
- Secure your endpoints: All corporate devices, such as laptops and mobiles, should be secured using antivirus software, hard disk encryption, Mobile Device Management (MDM) software for phones, etc.
- Password Hygiene and Multifactor Authentication: Use a complex password and follow good password hygiene across all devices and applications. Also enable multifactor authentication wherever available.
- Update software: Make sure your devices are running the latest approved versions of software and operating systems. It is also good practice to update your personal devices.
- Wi-Fi Security: Make sure your Wi-Fi is not set to the default password and that your Wi-Fi setup is secured with the WPA2-AES security setting, which makes it difficult for an attacker to get into your network.
- Be cyber aware: Do not fall for COVID-19 themed phishing emails, fake applications, fake websites, and forwarded WhatsApp links. Always follow government/UN authorized links for information on COVID-19.
- Segregate personal and corporate usage: Avoid using corporate devices for personal use, including browsing or downloading software and applications. Further, avoid using personal devices to access corporate applications and data without appropriate authorization and controls.
We understand the cyber risks and challenges that today's businesses face, especially during this period of uncertainty and disruption. Our team of cybersecurity professionals has the experience to assess and secure your infrastructure as well as help you respond to potential cyber incidents your business may experience during the COVID-19 crisis.