For organisations, closing their doors and enabling employees to work from home in the wake of COVID-19 can be a major exercise in workplace flexibility. However, for threat actors, it can be a newfound opportunity!
Every time an employee connects to the enterprise network from home, they leave scope for threat actors to exploit the possible access points and get into the corporate system. Today, due to the current epidemic, a large number of devices (mainly desktops, laptops, and smartphones) are being used from home, giving hackers opportunities to target these vulnerable points.
The current situation has created security concerns for Chief Information Security Officers (CISOs) across the globe, who are reeling from bug disclosures and cyber-attacks and finding it difficult to maintain their organisational cybersecurity posture. It seems that the safety net of the ‘work from home’ policy has instead emerged as a watershed moment for cybercriminals to develop newer ways to barge in!
Phishing emails claiming to come from the World Health Organization (WHO) and offering free healthcare kits or a ‘Deadly Corona Virus Map’ are real examples of how cyber attackers are making various organisations their new target.
Lack Of Right Devices, Processes And Infrastructure For Remote Working
Enterprise devices, despite being protected by internal safety measures, can become vulnerable for several reasons: poor configuration of the remote network connection and outdated security software. However, the biggest threat in this scenario is the use of personal devices that in-house security teams can’t monitor. A large number of employees use their personal devices to perform organisational tasks from home, and there is no way of knowing whether those systems are already infected.
Simply put, organisations that don’t have employees’ home network infrastructure under control are certainly at risk!
How To Tackle It?
While hackers across the world are already running phishing scams around COVID-19, organisations should train their employees on how to avoid suspicious emails and malicious links. For now, employees should stop sharing their personal and financial information with anyone via email, text or any other online medium. If someone asks for such details, they should call the requester to confirm and then pass on the information over the phone.
For internal communication, organisations should encourage professionals to use encrypted, enterprise-driven services like a Virtual Private Network (VPN) instead of public-facing apps like WhatsApp to avoid becoming prey to threat actors. To implement this effectively, companies should release proper security guidelines and make sure their employees use the most recently patched/updated version of the respective software.
Besides these practices, one must also follow security fundamentals: avoid making notes of passwords on personal devices and ensure that personal devices have a screen lock. Even the worst security habits that employees naturally develop while working at home are not major, but they can sometimes make the home network prone to threats.
Organisations must also emulate their behaviours to remain productive, mirror their home setups to retain a work environment, and keep daily schedules as consistent as possible. As in many areas of education and life, if you stand still, the world does not stand still with you. Ensuring your team remains as prepared as possible requires setting aside time to train, even remotely. Training against real-world malware in a remote environment with remotely accessible tools is key to ensuring success while working remotely.
With the outbreak of COVID-19 also giving rise to several new cyber threats, organisations across the world must keep these security measures in view and drive awareness among the workforce on how to fight such odds. While social distancing has become the new buzzword, with people socialising online, it is crucial for everyone to take proper security measures on their end to avoid cyber risks and protect sensitive enterprise data from being compromised by threat actors. It’s time for us to stay safe, both offline and online.