The current coronavirus pandemic is fast turning homes into private office space. Almost half of Canada’s workforce was operating remotely prior to the shelter-in-place and self-quarantine rules were enforced; and many more people are doing so now. If you’re among this group – often referred to as telecommuters - there are some essential cybersecurity issues that you need to know about.
Firstly, as well as providing you with the high-speed connections that you need to view dynamic websites or send and receive large files, your Internet Service Provider (ISP) should be 100% reliable. When you’re working to meet tight deadlines or trying to communicate with important clients, the last thing you want to do is look unprofessional because of an unstable internet connection.
Once you know that your ISP is properly locked down, you can turn your attention to the very real risks posed by cybercriminals. To prevent viruses and fraud taking over your computer like COVID-19 has done across the world’s population, you need to take action! Read on to learn more.
A Virtual Private Network (VPN) is an encrypted private network that uses a public network – the Internet – which connects remote users or sites together. If you use a corporate VPN to gain access to your employer’s network or Intranet, the security protocols that they have in place should also apply to whatever you’re doing. These protocols are usually a lot stronger than the protection offered by a basic home network, so they’re much more effective in safeguarding sensitive information.
When it comes to cybersecurity, knowledge is power. Breach and Attack (BAS) simulations are a relatively new concept in cybersecurity, but a very smart one nonetheless. Running BAS that identify vulnerabilities can help to assess overall risk levels, especially if employees are accessing business intelligence software, sensitive data, or other systems remotely. BAS highlight any threats and provide advice on recommended actions, helping to keep a network secure. These tests should be conducted and reviewed on a regular basis, so that any required changes can be implemented quickly.
Businesses need to know exactly who has access to which platforms and accounts at all times. Even during non-lockdown, normal circumstances, around 70% of enterprises routinely overlook privileged account user issuers. These can act as unseen openings into an organization’s infrastructure and data.
To better enforce access control employers are advised to use Role-Based Access Control (RBAC) to allow employees access to specific areas according to their responsibilities and status within the company. As far as possible, you should also keep separate devices for your work and personal affairs. Securing endpoints with encryption technology is also vital.
Finally, refrain from using mobile devices to access work files. This rule is usually part of company policy already, but it deserves a special mention now. In a time when people are feeling anxious and on-edge in general, they’ll seek out the familiar in most situations. That includes using their smartphones and tablets to navigate new apps and programs.
Hackers love weak passwords, and the problem grows exponentially when you and your fellow employees are working from home. Without the workplace atmosphere it’s easy to ignore security reminders to change passwords frequently, and many people forget to use strong passwords with a mix of symbols, letters and numbers. As well as these issues, you’re also far more likely to save your access details for faster remote access.
Your best course of action here is a password manager. This will generate strong passwords for you, and remove the want or need to share or save your credentials on any site.
Wherever possible, opt for Multi-Factor Authentication (MFA) passwords that require a secondary confirmation code to be entered. MFA reduces the risk of hackers stealing passwords and gaining access to your network.
Human errors, or silly mistakes, come in many forms and can cause quite serious calamities. Kaspersky’s security experts say that 52% of businesses identify these errors as their single largest security weakness.
Employee-related data breaches can occur if you fail to use a secure connection to download data, or when you forget to lock your screen if you’re working in a public place. At a time when many organizations are scheduling video conferences, your personal security can also be put at risk depending on what is seen in your video. For example, if someone has nefarious intent they may spot weak entry points in your home, or valuable items that can be stolen easily.
The other major way that staff members can unwittingly cause major security breaches is with phishing scandals. Once again, this is an issue that has been known about for some time. But as we all try to keep up to date with news on the self-quarantine situation and experience a new level of fear about the outbreak, it needs to be highlighted again.
In the past, criminals targeted groups with specific interests when enticing them to click on links which would then install malware onto their devices. Now, they can use COVID-19 to attract a lot more people with every scam – increasing their chances of success exponentially. The Covid 19 Tracker Android app is a good example of this. While it looks completely legitimate, once downloaded, the app locks the device and demands a ransom to return control to the owner.
To deal with the human factor here, businesses need to engage in frequent training sessions to advise and remind people about the dangers of cybercrime. This includes telling them to report any security incidents as soon as possible.
Online refresher courses, pop-up prompts and friendly email reminders can help employees to take all forms of company security seriously, from changing their passwords on a regular basis to avoiding uncertified apps and unknown links.
Cybersecurity is important for businesses of all sizes, and even if you are part of a small organization, you need to enforce the basic principles to stay safe while working remotely. By working together, staff members can help to maintain the cyberhealth of their organization while staying at home.