Working from home comes with a range of security risks! But employees need to be educated too – human behavior is invariably the weakest link in a company’s cybersecurity posture. In the current environment, with many more employees working at home, cybercriminals are actively looking for opportunities to launch phishing attacks and compromise the IT infrastructure of businesses, large and small.
Run Audio and Video calls Securely
What is visible in the background of your screen during video calls and is someone monitoring who is on the call? The same is true for audio only calls. A team member should be responsible for ensuring only invited guests are present, and calls should be locked once started, so other participants cannot join.
Educate Employees on Phishing attacks
Educate Employees on Phishing attacks
Now COVID-19 related Phishing attacks which use the current crisis to trick employees into clicking on fake links, downloading malware, and revealing passwords – so educate them. These could be fake HR notifications or corporate communications; fake tax credits; fake emails from mortgage providers; free meals and mechanisms for registering for them. The list is endless and cyber criminals are very news savvy and quick to adapt. Employees are likely to be more vulnerable to phishing attacks due to people rushing, fear, panic, and urgency; all the behavioural traits that result in successful phishing attacks.
Automate Virtual Personal Network configurations (VPNs)
Automate Virtual Personal Network configurations (VPNs)
IT and Security teams may have a backlog of users to set up on VPNs, to provide secure connections to corporate networks. Do not allow employees to send data insecurely, use automation to make accelerated deployments and guarantee correct configuration. Even IT staff are fallible, and the combination of pressure of work volume and working fast, may leave a gaping hole in your infrastructure.
Control the use of Personal Devices for Corporate Work
Control the use of Personal Devices for Corporate Work
Due to the rapid increase in home workers, many employees may be using their own devices to access emails and data, which may not be covered by Bring Your Own Device (BYOD) policies. What this means in practicality, is that employee’s personal devices may not be securely configured, nor managed properly and be more vulnerable. IT and Security teams again, may need to retrospectively ensure that employees are complying with BYOD policies, have appropriate endpoint security software installed etc.
Stop Personal Email and Unauthorised Cloud Storage Use
Stop Personal Email and Unauthorised Cloud Storage Use
When companies are experiencing IT difficulties in setting up employees working from home, people may be tempted to use personal emails or their personal cloud to send and store data, as a work around. These are a risk and can be easy for cyber criminals to target to gain company information or distribute malware, as they are not protected by the corporate security infrastructure.
Keep Collaboration Tools Up-to-date
Keep Collaboration Tools Up-to-date
Tools such as Microsoft Teams, Zoom and Google Hangouts are great, but it is important to ensure all call participants are using the latest versions of the software, and that includes partners and customers that may be on calls. Employees should also only use the corporate approved tools and versions as they will have been tested by security teams for vulnerabilities, that could be exploited by cybercriminals.
Comments
Post a Comment