As COVID-19 continues to spread, the probability for disruption of various activities and operations increases. The crisis has seen many businesses move their workforce from conventional offices to working remotely. However, doing so can significantly compromise security and is therefore both a critical and challenging issue.
As more than half of the workforce in some countries is currently working from home or remotely on a full-time basis, IT departments are scrambling to keep up with the myriad of issues and concerns as they struggle to implement adequate remote work solutions.
Intelligence from multiple sources shows a constant increase in cyber-security issues targeting remote workers during the coronavirus outbreak. Hackers are playing on concerns over COVID-19 to engage individuals working outside the traditional secure office environment. This in turn opens the door to additional cyber vulnerabilities.
While different organizations are adopting different approaches and implementing different solutions from different partners in this growing battle, there are still several common and fundamental issues every organization should focus on:
- Proper Training. Phishing, ransomware and social engineering efforts remain substantial threats that continue to grow in sophistication and proliferation. According to various sources, over 30% of data breaches in the past year have involved phishing while another 30% utilized theft of identities and/or credentials. The human factor is a key component in enabling most of the security breaches and vulnerabilities and usually stems from a lack of awareness, knowledge, or training. Therefore, remote workers must be reminded about phishing emails and how they are used to steal data and credentials. They should be kept up to date on new schemes and methods so that they know what to look for and what to avoid. Despite malicious attempts being more sophisticated and innovative, the fundamentals for protecting against them remain the same: 1) never click links on unsolicited emails; 2) never open attachments from unknown sources; 3) always check the source of e-mails or messages if they look suspicious, even if the source appears to be known as it may have been spoofed; and 4) never respond to emails asking for personal information.
- Virtual Private Networks (VPNs). This tool must be installed on every remote device connecting to the organization. Workers should receive basic training on how to use it, and it should be kept current and up to date. The organization needs to encourage employees to always use a VPN when connecting from home or public (i.e., untrusted) hotspots such as in cafés or airports.
- Password Security: Repeatedly using the same passwords or using ‘weak’ passwords can leave individuals and organizations vulnerable to hackers. It is imperative to educate users continuously on the importance of proper password principles. However simple and trivial these may seem to some users, they are still one of the main reasons for password security issues. To create a secure password, users should NEVER do the following:
- Use personal information such as names, special dates, default numbers or words, and sequential numbers or characters. All of these are far too easy to crack and are a significant security risk.
- Use common or dictionary words. Hackers will often run various dictionaries or lists against passwords in an attempt to crack them. This is applicable to both words in the user’s native language as well as other phonetic patterns.
- Use common substitutions. These include substituting @ for a, or ! for l or 1. Under brute force hacking, a random dictionary word with common substitutions and numbers or symbols at the end will take between hours to a couple of days to obtain.
- Write down passwords. Passwords should be kept private and memorized. Leaving them on pieces of paper near your computer or on your desk will make it much easier for unauthorized people to access your accounts and information.
- Enter passwords over unsecured connections. Unsecure Wi-Fi networks are all around us, in cafes, airports, stores, shopping centers, hotels, and more. While they may appear safe, most of these networks are easily accessible to other people, and entering passwords while connected to them is a security risk.