As the coronavirus continues to spread, the possibility for more disruption of day-to-day operations grows. For those who have migrated their workforce away from the office, working remotely without compromising security is critical and challenging. According to Global Workplace Analytics, 50% of U.S. workers are now working from home full time but cybersecurity concerns are confronting organizations, 48% of which according to Slack, are struggling to enable a Work Remote Solution.
New data warns of cyberattacks targeting those forced to work from home during the coronavirus outbreak. Hackers are leveraging concerns over the virus to prey on individuals working outside secure office environments, opening the door to more cyber vulnerabilities.
The Three Areas Every Organization Should Focus On:
- Virtual Private Networks (VPNs) must be kept current and up to date and employees should be encouraged to always use them when connecting from home or public (i.e., untrusted) hotspots such as in cafés or airports.
- Strong passwords have always been imperative for data protection but now more than ever, employees must be vigilant. Sharing passwords between sites or granting others access to computing and data resources must be avoided. Password managers (e.g., Bitwarden ) should be encouraged so as to use features such as password duplication and weak passwords.
- Training is critical. Phishing and ransomware remain substantial threats that continue to grow in sophistication and proliferation. According to Verizon Enterprise, about 33% of data breaches in 2019 involved phishing attacks while another 30% utilized stolen credentials. Therefore, remote employees must be reminded about phishing emails and how they are used to steal data and credentials. Any email with a COVID-19 subject line, attachment, or hyperlink should be examined carefully. CISA recommends that employees: 1) Don’t click links on unsolicited emails; 2) Don’t open attachments from unknown sources; 3) Never respond to emails asking for personal information.
INsig2 is ready to assist you and your employees if you require training on the subject of digital privacy and security subjects as well as forensic services if there was a breach of security or you suspect that data was lost or exfiltrated.