Whether you are trying to lead a new remote workforce due to the coronavirus (COVID-19) outbreak or a workforce on the front lines in grocery stores or restaurants, there is a new layer of protection you need beyond the virus itself to keep your employees, customers, and business safe: cybersecurity.
Cyberattacks have spiked amid the coronavirus. Hackers are capitalizing on widespread fear and uncertainty surrounding the outbreak, a time when businesses are already increasing their exposure to risk due to mandated stay-at-home orders and little to no IT support. Employees are using their personal electronic devices and other unprotected systems more often while working from home and handling highly confidential data. Because of this, remote hacking has become much easier and the chance of being infected with a range of malware significantly increases.
Even the World Health Organization (WHO) itself is experiencing a more than twofold increase in cyberattacks as it tries to respond to the coronavirus pandemic. They recently released this notice to warn the public that hackers are posing as the WHO to steal money and sensitive information from them. The hackers are using a variety of communication channels for their scams including email, websites, phone calls, text messages, and even fax messages.
Alexander Urbelis, a former hacker who became an information security lawyer, is the one who discovered the WHO breach. He is now warning the public about widespread remote work risks and he is not alone. Cybersecurity experts agree that the coronavirus crisis has unleashed a wave of cyberattacks across businesses worldwide. To protect your data during this critical time, I’ve included actionable tips below, geared toward remote employees and business leaders.
What Remote Employees Can Do
Identify and prevent phishing attacks.
- Pay more attention to the emails you receive and make sure you are expecting them; if you aren’t sure, verify with the sender—through a separate email—that they sent the message
- Validate the sender’s email address; malicious attempts will often obfuscate the return address so that it appears legitimate but has small modifications
- Check for more obvious signs of fake or unofficial emails as well, which often include misspelled words, and incorrect punctuation and grammar
- Don’t click on any links or open any attachments in suspicious emails; instead, delete them or notify your IT or security team
- Don’t enter any personal or account information on pop-up screens or on sites that are not validated
Follow password best practices.
- Use strong passwords or passphrases, or use a password manager such as KeePass or LastPass
- Don’t use the same password for work applications that you use for personal applications
- If available, utilize multi-factor authentication (MFA) for all sensitive accounts
- Review all sites you have accounts with and rotate your passwords with strong passwords or passphrases; malicious attack activity is heightened especially on “essential” stores like Costco, grocery chains, banks, etc.
Secure your browsing.
- Keep your browser up to date, and consider using a secure browser which protects your privacy and prevents tracking
- Be aware of the URLs you are visiting to ensure they are secure; secure URLs will begin with “https”
- Utilize anti-virus software and ensure it is up to date
Follow remote work best practices.
- Work with your employer on how to securely connect to your work applications or the corporate network, and follow best practices to keep confidential information safe while you work from home
- If possible, use your work computer only for work applications and your personal computer for personal needs to minimize exposure to risk
What Business Leaders Can Do
Work closely with your security teams.
- Learn what kind of threats are more likely to occur given the increase in remote employees
- Create a plan to protect your most sensitive data and applications that are critical to your business
Provide clear remote work policies.
- Communicate clear, easy-to-understand guidance that employees can take to protect their work environment at home
- Let employees know they should report any suspicious activity to your security team
Ensure all work-related devices have the right security capabilities, including:
- Secure connections to cloud and on-premise applications through corporate VPN or other secure connection methods
- Adequate endpoint protection, including the enablement of antivirus and encryption for all laptops and mobile devices
- Use of multi-factor authentication for all sensitive corporate systems
Regular cybersecurity hygiene should always be practiced, but the coronavirus outbreak calls for more robust measures. As your business works hard to stay productive during these difficult times, you need to ensure that your network and your data is as secure as possible. You don’t want to manage the challenges of a new remote team along with the consequences of a cyberattack.