The current pandemic episode has changed everyone’s work habits. In order to limit the spread of the coronavirus, the generalization of telework was one of the strategies adopted by many countries of the world, projecting the employees in an environment which could be less secure and more suitable to cyberattacks. Ransomware, phishing, DDoS,… let’s go through good practices, in the context of teleworking, to counter these attacks.
January 2020, first cases of coronavirus reported in Europe. Some members of Europe will have to wait until early March to start confining their populations in order to limit the spread of this virus as much as possible. In Europe, but also on the Luxembourg side, a generalization of teleworking was noted (in the case where the functions of the employees allowed this particular mode of work).
This decision was not without consequence… An unprecedented increase of cyberattacks has been recorded, and this is not surprising! Confinement turns out to be a boon for cybercriminals, due to the often less secure work environment at home than at the office, as well as the anxiety that affects many people, leading to an urgent need to keep informed about coronavirus, and therefore, actions by employees who do not comply with company security policies. Consequently, in this current context, companies are more vulnerable to malicious attacks.
A multitude of attacks taking advantage of the coronavirus
For several weeks already, we can notice various attempts of attacks such as phishing, smshing, ransomware, or DDoS. Those exploit the exceptional situation of the coronavirus pandemic to try to steal sensitive information or request a ransom, and can come in different forms. Among those most frequently encountered, we find:
– Emails inviting to download a pdf which highlights advice and security measures against coronavirus. In this case, the hackers usurp the identity of a trusted organization (WHO, State, your employer,…).
– Fraudulent websites dedicated to coronavirus inviting to download an application to keep us informed of the situation, or to enter our personal information.
– Emails marketing fake vaccines or fake products claiming to protect against the virus.
– Threats to infect the family of the victim if they do not pay a certain amount.
– Fundraising scams from WHO or other relevant organizations.
Good practices for secure remote work
We can never say it enough, it is important to remain cybervigilant! It is indeed essential to equip yourself with tools ensuring increased security as well as to redouble your attention so as not to fall into the traps of hackers. To see more clearly, we invite you to read these good practices for secure remote work.
Have advanced protection in place
Appropriate security measures must be implemented. Among these, we find the implementation of multi-factor authentication, allowing to validate the identity of the user. This solution is an additional obstacle for cybercriminals, since knowing the victim’s password will no longer suffice. We also find data encryption, updates to the peripherals used, operating systems and software applications, as well as the provision of system monitoring. Using a VPN will also create a secure connection to the corporate network. We also need to secure, using firewalls and antivirus, the equipment used, whether professional or, in some cases, personal. In addition, one aspect to remember is Shadow IT ; it’s important to force employees to report the use of tools or applications that have not been approved by the IT department. In the same vein, it can be useful to manage and control the use of removable storage media and other devices, as well as to implement application installation restrictions.
Staff awareness of cybersecurity issues
As mentioned above, this context of the coronavirus pandemic is causing stress among the population, which can make them more gullible in relation to certain messages or calls they receive. In addition, a profound change in our work habits can make it easier to make mistakes. It is therefore important to educate all employees about cybersecurity.
First, it is essential to train staff in the new tools they will have to work from home. In addition, it is good to remind them of the different points to check before clicking on a URL link and/or an attachment in an email: verification of the recipient’s address, review of spelling and grammar, checks that the URL link leads to an HTTPS site,… Then we add the use of different complex passwords for each site used. Finally, employees may have to be in a “home” rather than “at work” state of mind, leading them to use their professional equipment for non-professional purposes. It is there essential to be careful not to compromise the company’s systems when visiting websites in a private setting or when consulting emails received in their personal mailbox.
Do you want to strengthen security within your company? Contact us at firstname.lastname@example.org or at +352 31 71 32 555