Many employees are currently working from home. This article explores three technology best practices to protect your remote workers and your company’s data from the cybercriminals crawling out of the woodwork during the coronavirus crisis.
A global pandemic like the novel coronavirus brings out both the best and worst in people. Healthcare workers are heroically working long hours treating patients, bearing badges of their commitment in the red grooves worn into their faces from masks. Companies are doing their part to â€œflatten the curveâ€ of COVID-19 by supporting their remote employees. Unfortunately, cybercriminals are attempting to take advantage of this influx in remote employees with new threats.
About 85 percent of companies report at least half their workforce is working remotely, and 25 percent are entirely remote, according to a CBNC survey of technology executives. As the number of remote workers has grown, so have the number of cybersecurity threats. Phishing attacks, for instance, increased by 72 percent from January to March, according to cybersecurity firm RedMarlin in the ABC articleOpens a new window â€œCoronavirus pandemic creates â€˜perfect storm’ for cybercriminals to exploit people working from home: Experts.â€
â€œWe are hearing from many clients and law enforcement that the level of cyberattacks, phishing attempts and scams occurring in light of COVID-19 has grown dramatically,â€ said Miriam Wugmeister, partner and co-chair of law firm Morrison & Foerster’s global privacy and data security group. â€œThe bad guys know that every IT department and every cybersecurity group is currently overwhelmed and stretched.â€
Why is the coronavirus attracting increased cyber threats?
The pandemic is drawing more cybersecurity threats for a few reasons, including:
- An increase in remote employees means more people using home networks, which are likely to be less secure. IT cannot as closely monitor and safeguard employees’ online behavior when they work from home. This includes their use of Zoom, Google Hangouts, BlueJeans and other video conferencing tools that employees probably don’t use as much normally when in-person meetings are possible.
- This new wave of remote workers includes people who have never worked from home before or who have worked from home only rarely to care for a sick child or let in a person making repairs. Cybercriminals know these people are more vulnerable because of their lack of familiarity with safe work-from-home practices.
- Cybercriminals are viewing the current situation as a chance to take advantage of people’s fears related to the crisis and their desire to help others by sending phishing emails that appear to be from government agencies, charities and other legitimate sources. Concerns about coronavirus make people more likely to click first and ask questions later.
Let’s explore three technology best practices to protect your remote workers and your company’s data from the cybercriminals crawling out of the woodwork during the coronavirus crisis.
Best practice #1 â€“ Secure your video conferencing use
Video conferencing platforms are invaluable in making distributed teams feel connected and helping them more easily align on projects. Remote employees are meeting online for team meetings and project syncs. Teams are infusing some fun into the current challenging situation by wearing costumes and documenting video chats on LinkedIn.
But this technology is vulnerable to attacks. Take popular video conferencing platform Zoom, for instance. Discovered in January and since fixed, a flaw enabled people to hack into and eavesdrop on private Zoom meetings.
To keep out unwanted people during these chats on Zoom and other online video conference platforms, take advantage of the frequently available authentication functionality available for each meeting. Without proper authentication, cybercriminals won’t be able to join the meeting and gain access to the financial data, product announcements or other private details shared during meetings. Also, refrain from advertising video conference links, especially on social media platforms, where others can find them and disrupt the meetings.
Best practice #2 â€“ Check for TLS/SSL certificates
Recent phishing emails with subjects like â€œBest stocks to invest in during pandemicâ€ and â€œFree supplies provided by FEMAâ€ entice recipients to open them. The sender could appear to be the World Health Organization or another legitimate organization sharing information during the pandemic. Links within these emails could unleash malware when clicked or lead to websites that are realistic facsimiles of the real deal and attempt to pry personal information from visitors.
Remote employees should be warned not to click on links in questionable emails because ransomware could be installed that locks the company out of their data. If remote employees enter company data or personal details on a phishing site, it could put both the company and employee at risk. Caution them to look for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) certificates on any websites they visit as an indication that any data they enter on a site will be protected with encryption. TLS certificates can also confirm that the website belongs to the company identified in the certificate. For additional protection, employees can click on the padlock, then click on â€œCertificate Information.â€ For the most trusted sites, employees can find information about the company operating the website to verify its authenticity.
â€œWhen you’re in an office and protected by network-wide security systems, you’re in a safe bubble,â€ said IT Manager Juan Mack in the Financial Technologies Forum articleOpens a new window â€œRemote Staff Must Be Vigilant About Cyber-Security.â€ â€œWhen you’re working remotely, some of those safeguards go away, so you have less protection from malicious sites or emails. It becomes even more important not to get distracted or click on links that might cause you or your company harm.â€
Best practice #3 â€“ Shore up site security for secure corporate email setting
Criminal opportunists can use personal data obtained via phishing emails to hack corporate networks and access confidential information. The use of an unsecured home wireless router increases the odds that hackers could gain access to remote employees’ personal accounts or to the corporate network employees are connecting to.
Employing multi-factor authentication (MFA) â€“ and not simply two-factor authentication â€“ can make it incredibly difficult for these hackers to gain access to your network and data. In addition, request that employees turn on encryption on their personal wireless routers (many routers will offer either WPA2 or WPA3) to boot the router security.
Keep remote employees safe from cybercriminals
Encouraging more remote work can safeguard employees’ health now during the coronavirus pandemic. In the future, it can increase employee productivity and the company’s bottom line. With the right security measures, it’s possible to diminish the odds that your company’s employees will be at risk from cyber threats so they can focus on their work.