Working from home? Here are the steps all workers and companies should take to avoid cyberattacks, according to experts
Companies should make sure their workers are up to speed on basic security hygiene, including strong passwords and multifactor authentication.
Workers should be especially wary of suspicious emails and avoid clicking on links that are new or unfamiliar to them.
Hackers are already running phishing scams that capitalize on COVID-19 fears, posing as health authorities to get people to click on malicious links.
"For now, individuals are going to be a lot more targeted because they know there's going to be a path to company assets," said Stephen Breidenbach, co-chair of the cybersecurity practice at the law firm Morick Hock & Hamroff. "I would not be surprised to see an attacker posing as tech support targeting the employee who is outside of the office now."
As a general rule, never share personal or financial information via email or message.
Most phishing schemes aim to extract people's personal information or login credentials as quickly as possible. If you think someone at your company is asking for your personal information, call them to confirm, and if necessary, give them the information via phone.
Before circulating or acting on news about COVID-19 and its impact on your business, verify that it's coming from a trusted source.
While this advice may seem obvious, experts warn that phishing scams surrounding COVID-19 hinge on social engineering, often circulating false information in an attempt to make people act out of fear or panic.
"We can expect an increase in social engineering," Todt said. "Do what you can, whether it's as a consumer, business or otherwise, to validate the source of information."
Businesses should explore rolling out VPN services, and make sure their VPNs are patched and up-to-date.
A virtual private network lets people remotely share data as if they were connected to a shared private network. Several popular VPN services were found to have critical vulnerabilities earlier this year — companies should make sure all workers have downloaded the most patched, up-to-date version.
"I think VPNs are a must," Breidenbach said. "If you do not use an encrypted pathway to get into the company network, you are just waiting for someone to open the door and come in."
Companies should also consider using encrypted messaging services for work communication.
Todt says companies should encourage workers to use encrypted, enterprise-focused services like Wickr as much as possible, adding that consumer-facing software like WhatsApp has proven to be a more frequent target for hackers.
"What I worry about in this situation is that, in an effort to continue to be efficient, people just default to what they use in their personal world," Todt said. "We saw this with Jeff Bezos — don't use the consumer-based technology for business-centered communication."
Experts say it's crucial that companies formulate a recovery plan in case they're hit with a breach stemming from work-from-home conditions.
"A lot of times companies are simply not prepared for this type of incident," Breidenbach said. "Companies need to prepare to maintain at least bare minimum functionality should something happen."
Popular Right Now
Popular Keywords
Advertisement