Hastily deploying remote working arrangements introduces critical risks during these times of lockdown, here’s a list of the top five threats you should consider and rectify if they apply to your business:
Lack of Remote Working Procedures and Policies
The sudden rush to get workers accessing systems from home soon pushed IT security compliance to the side-lines. Still, now more than ever, you need to ensure the same stringent guidelines implemented in the workplace carry over to your employees home working environments.
Ensure that your backup processes are not compromised. Ensure vulnerability scanning is carried out on the newly introduced remote devices. Do not let workers dial in from their own devices you have zero control over. Ensure off-site hardware is up to date with the latest security patches and ensure access control measures are still in place, such as blocking removal media like USB keys and DVDs.
Cloud-Based Tool Reliance
If you’re relying on MS Teams to host web conferences and dump data into team file repositories, are you ensuring they are being moved back to your primary data store? Is MS Teams authentication enforcing two-factor authentication if you’re storing client data in this cloud solution?
Many users are using Zoom, 200 million users daily according to their latest reports. If you’re one of them are you ensuring your zoom software client is the latest available, and have you secured your zoom account with 2fa? Also worth keeping in mind is the number of security breaches Zoom has undergone since COVID hit. With data being directed through China data servers for malicious unpacking and inspection, “zoombombing” and even secret Zoom webservers being installed to Mac clients, this platform certainly leaves a lot to be desired of ideal cybersecurity practices.
Ensure your cloud platforms protect your data, and ensure your accounts for these cloud solutions are as locked down as they can be with complex passwords and 2fa.
VPN Criminal Activity
NordVPN reported a usage increase of 165% between 11th and 23rd March. Cybercriminals target services such as VPN providers to route their entry for corporate network attacks, masking their real source and identity to mimic possible client interactions.
Unsecured Personal Devices
Do you have your home network split for work purposes and non-work purposes if you’re using it to dial into the office? It would be best to have a trusted admin wireless network broadcast to devices you manage and are sure are patched with the latest security updates with the latest antivirus installed. You should then broadcast a guest wireless network that enforces guest usage policies which prevent devices from communicating with each other, locking devices down to only interact with the internet and no other devices on your network. If you don’t have this in place, what’s to stop your child’s laptop being used to play Fortnite and browse all manner of websites from receiving ransomware and spreading to your work laptop? What data do you stand to lose, or worse yet, leak to cybercriminals?
Coronavirus Themed Attacks
Impersonation Fraud is at an all-time high during COVID lockdown. Cybercriminals claiming to be members of corporations contact IT, Accounts or HR departments and falsify remote connectivity issues hoping to gain access. Make sure support or change requests you receive are validated before they’re processed.
Coronavirus tracking apps are being tapped into by cybercriminals due to rushed development and poor security practices. If you’re looking to track COVID in your area, make sure you’re installing apps from reputable sources.
Finally, keep an eye out for phishing emails trying to get you to click on malicious links. If you’re on 365, consider deploying their defender security suite to have emails proofed, links sandboxed and attachments scanned before your staff infect systems with an accidental click.