In response to the coronavirus outbreak (COVID-19), many companies are asking their employees to work from home. However, this pauses new challenges for companies and creates a very opportunistic situation for hackers and phishers.
Teleworking means an increase in the number of devices that employees use for their work and an increase in the use of online conferencing or collaboration tools such as Zoom, Google Hangouts, Microsoft Teams, Trello and Slack, etc. This development also gives hackers a more significant number of potential targets.
For workers who are asked to work from home during the COVID-19 outbreak, working remotely can be a significant change. For hackers, it can be a real opportunity.
Principal risks and cyber threats related to teleworking
1. Phishing emails
While many essential exchanges take place by email, teleworking is also conducive to phishing campaigns. This malicious practise consists of infecting a computer by sending emails with a virus attached or via a dubious link. By posing as a known or trusted entity, fraudulent messages generally encourage people to download attachments to retrieve personal data.
There has also been a significant increase in phishing attacks related to COVID-19, where hackers take advantage of people’s fear and their need for information about health, safety and financial assistance.
Cybersecurity researchers have identified several fake COVID-19 tracking maps that infect people’s computers with malicious software when opened. This tactic is one of the many ways that hackers and scammers exploit people’s fears of Coronavirus to spread malicious software.
3. Fake domains
According to numerous reports, cybercriminals are now creating and promoting thousands of coronavirus-related websites every day. Most of these sites are used to host phishing attacks, distribute files containing malicious software or commit financial fraud to entice users to pay for fake remedies, supplements or COVID-19 vaccines.
4. The insecurity of endpoints and end-users
Some companies provide their employees with specific computers for teleworking, which are strictly managed and locked. This is an excellent practice to enhance security. But many companies do not offer this service, which leads employees to use their personal computers for teleworking.
Home computers are often used by several people who visit various websites and run many different pieces of software, each of which can infect your computer with malicious software. Home computers typically use weak passwords or no passwords at all, making it easy to access your machine, which can then be used to access data in your office if you remotely connect to your company network.
5. Vulnerabilities at third-party vendors and companies
Every partner, customer and service provider in your ecosystem is likely to go through all the same issues as your organization. It’s crucial that you make sure they also take steps to secure their teleworking workforce.
Best practices and cybersecurity tips for teleworking
Companies need to make their employees aware of the IT risks of remote/home working and the responsible use of business equipment and access. They need to ensure that their employees know and implement basic cyberhygiene practices.
Here are 12 cybersecurity tips that your employees can start implementing today.
- Make sure that all your connected equipment (PCs, phones, tablets, etc.) is well protected by antivirus software, that it is up to date, and perform a complete scan of your hardware.
- Apply security updates to all your connected equipment (PCs, tablets, phones…) and do not delay critical software updates.
- Use two-factor authentication (2FA) for email and when accessing any critical system or application
- Encrypt sensitive data in emails and on your PC
- Increase the security of your passwords: use sufficiently long, complicated and different passwords on all equipment and services.
- Use a password manager
- Use a VPN (Virtual Private Network) to encrypt all your Internet traffic, so that it is unreadable to anyone who intercepts it.
- Beware of the many misinformation that has been widely propagated in recent days and do not relay it.
- Do not open links or documents containing information about Coronavirus.
- Secure your WiFi connection: change your network name (SSID), change your network passwords (including your router password), use WPA2 protection, make sure the latest updates are installed on your router and other network equipment.
- Set up a firewall: Your PC’s operating system usually has a built-in firewall. Also, many routers have hardware firewalls. Just make sure yours are enabled.
- Backup Backup Backup: Back up your data to an approved external hard drive that is not permanently connected to the device or use approved cloud storage services.
DigiSôter (www.digisoter.com) participates in the StartupsXCovid19 initiative to help companies overcome the covid19 crisis. The risk of cyber-attacks increases sharply with containment and telecommuting.
DigiSôter offers free consultancy for the implementation of collaboration tools and secure teleworking solutions.
Contact us at: firstname.lastname@example.org or +32 2 318.12.71 www.digisoter.com