Now more than ever, large-scale remote work is being implemented across many sectors and companies as organisations are under great pressure in the current climate. Not only do employees need to be provided with all the resources they need to work remotely, in the short and long term, they also need to be diligent and pay extra attention to potential threats from outside.
What needs to be taken into account to ensure security? Our cyber security specialists have shared their tips.
There are many malicious parties who try to make use of the current situation for their own gain. They send emails with conspicuous content in the subject line to ensure that the message is opened. A fairly recent example of this was a party that posed as staff of the World Health Organization and offered 'information' with which COVID-19 could be fought.
Organisations in which a large part of the communication is via e-mail run an increased risk of becoming victims of phishing. You can limit the risks by taking a number of things into account when going through your inbox:
- Check whether the alleged sender is actually the sender. Sometimes there are multiple email addresses in the list of senders. If in doubt, you can reveal all the senders' addresses by selecting 'reply'
- Don't open links and/or attachments from senders you don't know
- Do not send personal data to unknown senders
- Be wary when an attachment asks you to click on a link
- If the email asks you to click on a link, hover your mouse over the link to see what webpage you will be sent to
- If the email asks you to open an attachment, hover your mouse over the attachment link to check that it does not lead to a web page
- If you arrive at a web page you don't trust via email, you can see in the browser's URL bar whether you've been redirected to another website
- If in doubt, delete the email to avoid accidentally replying or clicking the link/attachments, and notify your IT security team.
If you are aware of the above ways to identify phishing emails then you will be able to help keep your organisation secure.
Now that your employees don't sit next to each other in the office, it's a lot harder to establish someone's identity. It's easy to go and ask someone something in the office, but now all kinds of channels have to be used to share information with each other.
We therefore recommend taking some security measures with respect to passwords:
- Double authentication, such as via Google Authenticator, makes environments extra secure
- Create passwords with special characters, numbers and uppercase letters
- Long passwords are more difficult to crack with a brute-force attack, so make sure the password has a minimum of eight characters
- Prevent the local storage of passwords
- Use password management tools
Another threat that needs to be taken into account is the security of your WIFI connection. Hacking a WIFI network can give parties access to personal and sensitive company information. In some cases you will be directed to websites where the attackers can install malware and thus gain access to confidential information.
Fortunately, there are a few simple tips to minimize the risks:
- Change the default WIFI password you use to connect, as well as your administrator password
- Hide the network from others if your WIFI offers this capability
- Do not share your password with people outside the organisation/household or with close friends
- Regularly check if any unknown devices are connected to the network
- Be careful when downloading applications, as they can hide malicious content – check they are from a reputable app store like the Apple Store
Unknown platforms and systems
In many organisations, it is customary to work within a secure business environment. Websites that are known to pose a risk are blocked for employees, and fixed tools and systems are used to carry out the work.
The risk increases when employees' own devices do not work within these systems, or when there is no supervision within the system. For example, employees may introduce new tools or systems that were not previously used and visit websites that could not be visited before. To take care of this:
- Communicate clearly about tools, systems and software that can and cannot be used
- Draw up a clear plan for giving approval for the use of new tools, systems and software
Communicate about risks, attacks and threats
Different organisations face different challenges, which makes it impossible to summarise all the threats in one article. What we do know is that IT departments are facing increased risk factors as remote working increases. In a short period of time, internal systems have to be adapted to enable remote working. The usual routine is completely changed, and as the speed and size of the operation increase, so does the chance of errors in the implementation process. It is therefore important to encourage staff to report suspicious matters and activities, and to communicate updates on the risks, threats or attacks your company has faced.
The National Cyber Security Centre has a very comprehensive range of advice and guidance around cyber security topics, and if you want to understand the points above in more depth, we recommend having a look at their advice.