Shitesh Sachan, White Hat Hacker and CEO of Detox Technologies.
The demand for remote working due to the COVID-19 pandemic has invariably placed renewed pressure on organizations to secure corporate resources and data in locations outside of their control.
All over the world, large numbers of people have joined the rush to work from home, with many organizations unprepared and with individuals often working from their personal devices.
As these devices are often not maintained with proper security measures, they have the potential of leaving an organization open to various attacks. Here are a few top tips enterprises must follow for remaining secure and compliant while embracing the remote working model:
- Employees should secure their home network: Employees should ensure that their Wi-Fi network is encrypted. Their Wi-Fi should be password protected, which makes it difficult for attackers to access the device via the router.
- Avoid public wireless networks: Public wireless networks may seem convenient, especially if an employee is traveling for work, but they can also be a threat to their privacy. Open Wi-Fi networks provide an opportunity for criminals to hijack a device’s connection and access information sent between the device and the internet. It is best to use secure wireless networks whenever possible. Employees should be made aware of these risks before connecting to open wireless networks.
- Use strong, unique passwords: Enterprises should encourage their employees to use different and complex passwords for each of their accounts and never reuse their credentials across different platforms. Employees should consistently update their passwords to protect their data and use a password manager or other security solutions to track all their unique passwords.
- See Something, Say Something: Enterprises need to make their workforce aware that they should not respond to emails or phone calls requesting confidential company information—including their information, financial results, or company secrets.
It is easy for an unauthorized person to call and pretend to be an employee or one of the company's business partners. Employees must stay on guard to avoid falling for a potential scam and report any suspicious activity to their manager and to the Information Security team.
- Stay current on software updates and patches: The CISO should make it clear that employees must update the software across all their devices. Updates are designed to mitigate and patch security flaws and help protect data. Updates can also add new features to devices and remove outdated ones.
- Be aware of Malicious Software: Employees must never download or install software from unknown sources. If they require new software, then they should discuss it with the respective department manager. Downloading and installing software from unverified sources can expose vulnerabilities on an employee’s system, install spyware or keyloggers, and allow remote access without their knowledge.
- Encrypt email messages: As more people access work email at home, cybercriminals are unleashing a barrage of email scams and attempting to breach less secure home networks to access company data. Hence, it is critical that employees delete suspicious emails and links.
Even opening or viewing these emails and links can compromise the computer and create unwanted problems without an employee’s awareness. If such instances are taking place, then employees should immediately make their IT team aware of this.
- And attachments: Employees should be wary of attached files from any sender, including senders within the organization, unless they are expecting to receive the file. Certain file extensions require more caution than others.
Employees must not download or run an attachment with extensions including, but not limited to, the following: .exe, .msi, .bat, .cmd, or .vbs. Microsoft Office file types that end with an ‘m’ may contain macros and are also potentially unsafe (.docm, .xlsm, .pptm).
- Watch out for work-from-home scams: Work-from-home scams, along with other schemes that target economy workers, are likely to increase. Many of these request personal information or upfront payments before the employees can begin work. By the time employees realize it is a scam, the fraudster has ceased contact and stolen their money or taken over accounts.
- Back up sensitive files OFFLINE: The risk is high if an employee does not follow safety precautions properly: they may lose the data stored on their PC or laptop due to ransomware or other malware attacks. Hence, enterprises should encourage their workforce to take precautions and make sure that all important files are backed up regularly.
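The attachment guidance above can also be backed by an automated check rather than left to each employee. The following is an added example, not part of the original article: it parses a raw message and flags attachments whose final extension is on the article's list, handling mixed case, double extensions and trailing dots. The function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the article; the article notes the list is not exhaustive.
EXECUTABLE_EXTS = {".exe", ".msi", ".bat", ".cmd", ".vbs"}
MACRO_OFFICE_EXTS = {".docm", ".xlsm", ".pptm"}


def classify_filename(name: str) -> str:
    """Return 'executable', 'macro-office' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so "a.exe. " is still an .exe.
    cleaned = name.strip().rstrip(". ").lower()
    # Only the last extension decides how the file opens: "x.pdf.exe" -> ".exe".
    ext = "." + cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
    if ext in EXECUTABLE_EXTS:
        return "executable"
    if ext in MACRO_OFFICE_EXTS:
        return "macro-office"
    return "ok"


def risky_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """List (filename, reason) for every flagged attachment in a raw message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify_filename(name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings


def build_sample() -> bytes:
    """Constructed sample message with three harmless dummy attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "employee@example.com"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Please see attached.")
    for fname in ("report.pdf", "Invoice.PDF.exe", "budget.xlsm"):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"flagged: {name} ({reason})")
```

A filename check like this is only a first filter; it does not inspect file contents, so a renamed file would pass.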
Businesses need to take the time to educate their employees regarding cybersecurity policies and updates. Every employee must be responsible for and aware of the company’s cybersecurity policy.
These security fundamentals are intended to be a set of simple and mostly common-sense guidelines to allow all employees to cover the basics, look out for one another, and continue to focus freely on their main tasks.
These fundamentals are a minimum requirement for computer information security to avoid creating easily exploited vulnerabilities, but comprehensive security is a never-ending process. The first step in awareness of that process is to be able to recognize a security threat.