Even as world starts to open up, many companies are choosing to keep employees home. However, the sudden change in workflow also brought many new opportunities for hackers.
As reported by the FBI, the number of cyber-attacks quadrupled since the pandemic. Phishing and malvertising are on the rise, with many COVID-19 themed malicious campaigns. Attackers are actively targeting remote workers with techniques more sophisticated than ever. The lessons learned during the pandemic will help keep remote workers safe from threats and your data protected.
Continuous training of employees on cybersecurity
Almost all the successful cyber attacks started with a human error. Thus, employees should be treated as the first line of defense. You should teach your employees to recognize phishing emails, to be aware of malware together with its spread techniques and how to properly manage passwords. Also ensure that your employees are familiar with your IT/security team and are instructed to report any suspicious events.
The importance of e-mail security
With the massive increase in phishing attacks and with most of the sensitive communications happening digitally, protecting corporate accounts is more important than ever. Make sure you have efficient anti-phishing and anti-malware systems in-place for your email accounts and two-factor authentication enforced for your employees. Suspicious account events, such as logins from a different geographic location or multiple failed logins, should be logged and analyzed. Additionally, consider deploying end-to-end encryption for e-mails, so that even in the case of a full account compromise, data are still protected.
The security of video–conferencing software
The boom in the use of video-conferencing software also brought a rise in room hijacking. Hackers can not only cause a disruption but also leak sensitive corporate data. To secure your meetings, rooms should be password protected and hidden from uninvited guests. Features like file sharing, recording and data retention should be policy–managed.
Restrict remote access to your internal tools and services using VPN
Making internal tools and services accessible only via enterprise VPN severally reduce the attack surface and allow your employees to connect from anywhere in the world. A well-configured VPN can protect against compromised credentials, system-specific vulnerabilities and limit the impact of a breach by applying the principle of least privilege to each user.
Management of Computers
The best practice is to require employees to use a company issued computers. Computers should be encrypted and running a preconfigured anti-malware solution. It is recommended to password-protect both BIOS and administrative account of the computer to prevent any bypasses of security policy.
The COVID-19 pandemic is changing the world and is affecting all segments of the population. Companies are forced to completely rethink their business operations with the emphasis on telecommuting and remote collaboration. However, with remote workers being more exposed and cyber attacks more prevalent, it is now even more important to have an effective cybersecurity.