According to the national cybersecurity agency, there has been a spurt of growth in the number of cyberattacks on employees’ personal computers and routers since the whole work from home protocol began for companies, due to the coronavirus outbreak in the country. The national cybersecurity agency — the CERT-In is an agency that is responsible for the oversight and administration fortifying the security of the country’s internet domain.
The CERT-In (The Computer Emergency Response Team of India) stated in its latest advisory to the internet users that, “Cybercriminals are exploiting the coronavirus pandemic outbreak as an opportunity to send phishing emails in the form of an ‘important update’ or ‘encouraging donations’, or trying to impersonate employees’ trustworthy organisations.”
According to CERT-In officials, the phenomenon of the increasing cyberattacks on personal computers has been occurring since organisations around the country have asked their staff to work from home (WFH) in order to help in stopping the spread of the virus that has created chaos all over the world and infected millions.
The officials said that employees who are switching to remote working because of the coronavirus outbreak could create cybersecurity problems for the business and the employers. And, this increase in the number of cyberattacks on employees’ computers and routers because of unprotected home networks being used.
Explaining further, the agency officials said, with most employees working from home, the enterprise VPN servers have now become paramount to a company’s backbone, and their security and availability must be the focus for IT teams. They said it is essential that the VPN service used by the employees is patched and up-to-date because there will be way more scrutiny against these services.
It has also been suggested to take in some countermeasures and obtain some security practices in this context, such as — changing of default passwords of your home wi-fi router to prevent cybercriminals from accessing the network, and also using strong and unique passwords on every account and device, and should use two-factor authentication to have a safer operation.
Other countermeasures include not to allow sharing work computers and other devices with friends and family members of anybody else. Such measures will help in reducing the risk of unauthorised access to sensitive and critical company information. The agency also said employees that are WFH to update their VPNs, network infrastructure devices, and devices that are used in remote environments with the latest software patches and security configurations. The employees should only use the software of their company and should refrain using your work device for personal work.
For organisations, they should have enough security protocols for remote working. They should ensure that remote sessions are automatically time out after a stipulated period and should ask for re-authentication to gain access. It also urged IT teams of the organisations to remind employees of the types of information that they need to safeguard. Such measures include information such as confidential business information, trade secrets, protected intellectual property and other personal information.
Some basic requirements include that employees should also turn off ‘remember password’ functions in the computer while logging in. A specific suggestion for IT teams was to consider using mobile device management and mobile application management for smoother operations. Such tools and security measures will allow businesses to operate remotely.