Many organizations around the world have asked their employees to work from home in response to the COVID-19 outbreak. This has created cybersecurity challenges for many businesses, which often lack the experience, protocols and technologies to enable a remote workforce securely. Here are some common challenges organizations are facing as they transition their workforce.
Remote Workers Lack Security Awareness
Many employees are working from home for the first time. They don’t know the best practices that experienced remote workers know well, such as using a VPN on public networks, or not saving sensitive information on their personal devices. Negligent employees are the number one cause of cybersecurity breaches and the risk increases exponentially when working remotely. The solution is simple – train your employees in the fundamentals and retrain them periodically. Equipping your employees with the right knowledge and tools will go a long way in protecting your valuable data.
The cybersecurity awareness training should cover cybersecurity best practices and rules employees should follow when working remotely. Here are the suggested topics to include:
- Physical security of computers and peripheral devices. Outline what employees must do to secure their remote workspace and the steps to protect their workstations and devices
- Password best practices and faux pas. Teach employees how to create strong passwords using passphrases and avoid using weak and compromised passwords. Go over the basics such as never sharing passwords or writing them down
- Detect cybersecurity threats, including phishing attacks, social engineering and suspected malware
- Safeguard work data. Ensure employees only use secure internet connections such as VPN, use encryption software and have up-to-date firewalls, anti-virus software and anti-malware on all their devices. Make sure employees know all the cloud-based collaboration platforms available to them and that they need to keep files and services on the cloud. Ensure encryption is used for all data that is stored and in transit
- Safe remote and mobile computing should cover anything from securing remote access to BYOD security
Increased Susceptibility to Phishing Attacks
Phishing is the practice of sending fraudulent communications that appear to come from a reputable source. Oftentimes, phishing attacks trick targets into handing over their passwords, which can be used to access organizational data. We are now seeing an increase in phishing attacks using coronavirus references to bait employees into clicking on links or attachments infected with malware.
If you have conducted cybersecurity awareness training, consider sending a security reminder encouraging employees to take the following precautions:
- Avoid clicking on links in unsolicited emails and be wary of attachments
- Always verify the email sender's domain to see if it matches the website of the organization the email comes from
- Check for any suspicious URLs within the emails
- Use trusted sources for fact-based information about COVID-19
- Avoid responding to emails soliciting personal or financial information
Employees may have already fallen for phishing attacks, and even handed over their credentials. Or they could be using compromised passwords leaked from previous breaches, creating a vulnerability for your business. To prevent cyber-criminals from exploiting those passwords to gain access to your corporate network, use this free password auditing tool to scan your Active Directory for compromised passwords.
Password Expiration Putting a Strain on Service Desk
Password expiration reminders reach users who are in the office or on-network, but fail to notify users who are working remotely. Expired passwords increase calls to the service desk, where the IT staff is already burdened with transitioning to a remote organization.
Identifying accounts with passwords approaching expiration and communicating proactively can help you prevent the issue altogether. This free password notification tool enables IT admins to configure password expiration email reminders to be sent via their own SMTP server, letting IT admins communicate password expirations to remote users. You can define how long prior to the password expiration the emails will be sent, as well as how often they are sent.
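One way to implement the reminder schedule described above, as an added example that is not part of the original article and is not the tool it mentions. It assumes a daily run over account records exported from Active Directory with the `msDS-UserPasswordExpiryTimeComputed` and `mail` attributes; the sample accounts, the 14-day lead time and the 7-day repeat interval are constructed for illustration.

```python
import smtplib
from datetime import datetime, timedelta, timezone
from email.message import EmailMessage

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
NO_EXPIRY_DATE = (0, 0x7FFFFFFFFFFFFFFF)  # AD: no password-set date / never expires

def filetime_to_datetime(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to datetime, or None."""
    return None if ft in NO_EXPIRY_DATE else EPOCH_1601 + timedelta(microseconds=ft // 10)

def datetime_to_filetime(dt):
    return ((dt - EPOCH_1601) // timedelta(microseconds=1)) * 10

def reminder_due(expiry, today, lead_days, repeat_days):
    """Days left if a daily run should mail this user today, else None."""
    days_left = (expiry.date() - today.date()).days
    due = 0 <= days_left <= lead_days and (lead_days - days_left) % repeat_days == 0
    return days_left if due else None

def build_reminders(accounts, today, sender, lead_days=14, repeat_days=7):
    messages = []
    for acct in accounts:
        expiry = filetime_to_datetime(acct["expiry"])
        days_left = reminder_due(expiry, today, lead_days, repeat_days) if expiry else None
        if days_left is None or not acct.get("mail"):
            continue  # not due today, no expiry date, or no mailbox to notify
        msg = EmailMessage()
        msg["From"], msg["To"] = sender, acct["mail"]
        msg["Subject"] = f"Your password expires in {days_left} day(s)"
        # Plain text with no links, so the reminder does not resemble a phishing lure.
        msg.set_content(f"Hello {acct['sAMAccountName']},\n\nYour password expires on "
                        f"{expiry:%Y-%m-%d}. Change it from your work device before then.\n")
        messages.append(msg)
    return messages

def send_all(messages, host, port=587):  # host: your own SMTP server
    with smtplib.SMTP(host, port) as smtp:
        smtp.starttls()
        for msg in messages:
            smtp.send_message(msg)

# Constructed sample export (not real accounts); expiry is msDS-UserPasswordExpiryTimeComputed.
TODAY = datetime(2020, 4, 1, tzinfo=timezone.utc)
ACCOUNTS = [{"sAMAccountName": n, "mail": m, "expiry": e} for n, m, e in [
    ("alice", "alice@example.com", datetime_to_filetime(TODAY + timedelta(days=14, hours=9))),
    ("bob", "bob@example.com", datetime_to_filetime(TODAY + timedelta(days=10))),
    ("carol", "carol@example.com", datetime_to_filetime(TODAY + timedelta(days=7))),
    ("svc-backup", None, 0x7FFFFFFFFFFFFFFF),
    ("erin", "erin@example.com", datetime_to_filetime(TODAY - timedelta(days=3)))]]
```

With these settings a user is mailed 14, 7 and 0 days before expiry. Pass the result of `build_reminders` to `send_all` together with your SMTP host name; accounts that are due but have no `mail` value are skipped and should be reported to the service desk separately.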
COVID-19: An Opportunity for Better Security
Weak infrastructure combined with targeted COVID-19 phishing attacks creates a prime opportunity for cyber-criminals. However, organizations can also use the outbreak as an opportunity to strengthen security and implement the above solutions to decrease risk.