Non-essential businesses in Ontario and around the world have shut down in an effort to flatten the curve on COVID-19 cases. Many office workers are now working from home to decrease the risk of contracting COVID-19. What about flattening the curve on cyber security risk? How are businesses managing their remote cyber security?
Remote office workers present a challenge for organizations as it increases the amount of entry points for hackers. One insecure remote login is all a hacker needs to get into systems. Other attack vectors include users using their own unsecured devices to access networks, and phishing campaigns in the guise of providing COVID-19 information.
To help lessen the risk to data privacy while working from home, it is wise that organizations have some sort of VPN (Virtual Private Network) in place. VPNs use what is called a “tunnel” to encrypt data as it travels over the internet. It can prevent hackers from seeing the data that is transmitted from home to work servers. In addition, it is wise to secure any remote logins, be them through VPN or cloud, with multifactor authentication. While a hacker may be able to guess a password, or find it on the dark web, it will be difficult for them to figure out the other piece of the authentication puzzle.
As far as scams go, there seems to be a new COVID-19 scam appearing everyday. An article in Forbes Magazine quotes security firm Mimecast’s statistics on the types of scams that have been occurring since the start of the COVID-19 pandemic: “Between January and March, spam and opportunistic detections increased by 26.3%, while impersonation was up 30.3%, malware by 35.16% and the blocking of URL clicks by 55.8%.” Most recently, the Better Business Bureau has reported a new scam involving online counterfeit coupons. How the scam works is the coupon link (often found on social media) takes them to a third-party website that, “in order to get the coupon or voucher, asks for the person’s information which results in downloading viruses or malware. The individual never receives the coupon/voucher and doesn’t know who received their information.” Therefore, a good security awareness training plan is essential for remote workers. Being able to spot scams and phishing emails is extremely important in preventing malware, ransomware and the leaking of proprietary company information.
Closing off unsecured remote logins, using VPN technology, adding multifactor authentication and cyber security awareness training are all things organizations can do to help flatten the curve when it comes to cyber security risk during COVID-19. Ideally, these same steps will help secure your organization beyond COVID-19.
If your organization is facing any of the above challenges, contact Uzado today.