Poorly thought-out measures may have long-term consequences for organizations
- There has been a surge in cyber attacks globally with the spread of the COVID-19 pandemic.
- Remote work means your employees are now more vulnerable than before. Organizations can protect themselves by increasing vigilance and disseminating cybersecurity knowledge.
- Taking preventative measures can facilitate detection and defense activities.
By now, working from home is no longer an option; it has become a necessity. This new reality has raised pressing concerns in the cyber world, as network infrastructures and unusual devices are falling prey to ingenious cyberattacks. While enterprises are struggling to protect their essential data and critical operations, hackers are capitalizing on the fear and uncertainty caused by the COVID-19 crisis to steal any type of critical business information.
To make sure your business does not fall for spam email, phishing and ransomware attacks, here are four cybersecurity traps that you should be wary of, along with some tips to combat them.
1. Insecure home-based network
With employees now using their home internet connections and insecure VPNs, cybercriminals can easily access those connections. The security barriers on home devices are unable to protect the company’s database or even personal information. Passcode-protected home networks do not guarantee the same level of security as the infrastructure of a corporate office does. Your employees are therefore at a higher risk of IP address spoofing and packet sniffing.
As a CTO or cybersecurity team member, you must take the following steps to ensure network safety:
- Make sure your employees protect their home networks with strong passwords
- Employees must use a company-protected VPN that connects them to your office cloud
- Employees’ devices must have the latest antivirus protection
- You must pair your default antivirus protection with advanced threat protection that can save you from zero-day attacks
2. Risk of data theft on Zoom
Zoom has become the go-to for organizations across the globe to host meetings in this new normal. Although its easy user interface appeals to many, it is not a reliable platform for confidential business meetings where you and your partners share crucial data through screen sharing or Zoom chat. In fact, there are data breaches associated with this too.
Whenever you have to host a business meeting, it is highly recommended not to make your meeting ID public. Create a very strong password for the meeting to keep your meeting room private. Do not click on any link you receive in Zoom chat, since it may be a scam from hackers.
3. Be aware of online hoaxes
With so much uncertainty and curiosity, it’s no surprise that people are reading about COVID-19 online and visiting different websites to learn more about the disease. This is a golden opportunity for scammers to capitalize on the tension and hack people’s devices. With more than 100,000 COVID-19 web domains, malicious attacks and Android application breaches have been on the rise. Hackers are running online scam campaigns that use “COVID-19” to get your attention through emails, video links or Excel sheets, since home-based connections do not efficiently protect against scam emails or links.
4. Browser-based vulnerabilities
The use of SaaS software, which is accessed through web browsers, has increased while working from home. Due to increased browsing, internet traffic has reportedly risen by 20% during this challenging situation, making browsers a rich data pool for cybercriminals looking to attack employees’ work systems and devices.
As a cybersecurity manager, you need to make sure that your employees use the browser on your corporate cloud network, also known as “browser isolation”. You also need to ensure that your teams use only your corporate plugins and extensions on the internet. This will protect you and your employees from browser-based malicious attacks on your work systems and devices.
So how can your business respond?
Increased awareness and vigilance can be a powerful antidote against these novel attacks. Here are some key steps you can take to reduce risk to your organization as well as to employees.
- Raise awareness among your employees about the increased risk of COVID-19 themed phishing attacks
- Maintain proactive communication with remote workers about your organization’s approach to combating cyber threats prompted by the pandemic and how to identify phishing attacks
- Opt for two-factor authentication for all remote access accounts
- Ensure all devices have the latest antivirus and firewall software installed
- Opt for data encryption on laptops used for remote working, given the risk of theft
- Back up all critical systems and validate the integrity of backups to avoid the risk of organized cybercrime breaches
- Be skeptical of emails from unknown senders and do not open any strange attachments
- Be wary of grammatical errors in the text of the email, as they are usually a sign of fraud
- Have a cybersecurity helpline in place and report any suspicious emails to the IT or security department
No doubt, this pandemic will significantly change how you and your organization work and stay secure, but taking these relatively simple steps, both at an individual and at an organizational level, should help reduce some of the most common security risks prompted by the remote-working scenario. Companies need to understand that these threats are evolving as well as novel, and so they must continually develop extensive cybersecurity strategies to protect themselves from scammers and avoid unnecessary additional costs and disruptions at a time when we simply cannot afford them.