With the current state of COVID-19 which has become a global threat to human existence on earth, one of the key measures to tackle the pandemic and reduce its rate of propagation is social distancing, where companies across the globe are encouraging – restricting – their employees to work from home.
Notwithstanding, moving some distance from your entrusted office environment and working remotely is susceptible to various security vulnerabilities.
Additionally, cruel opportunists are taking advantage of COVID-19 as subject matter to perform nasty phishing attacks to innocent people, hoping the unwary are going to click on these links and disclose the personal data.
Both the employers and employees in all parts of the world have their minds open to the idea of working from home.
But with the risks that accompany this new mode of teleworking, ENISA, a European cyber-security commission has rolled out several recommendations for organizations that are adopting teleworking as a result of the pandemic.
The agency has stated that it has already noticed an increase in COVID-19 related phishing scams.
It, therefore, advises people to try as much as they can, not to mix work and entertainment activities on the same gadget, and specifically, be cautious with messages and ads referencing COVID-19. “Cyber-criminals are exploiting the current situation, so be aware of phishing emails and scams,” stated ENISA.
ENISA has also asked teleworkers to treat any email asking them to change their login information as a scam, even if they appear to have come from credible sources.
Also, the agency has warned people to be suspicious of emails sent by people they don’t know by not clicking on them or opening the attachments.
They need to be careful even when opening emails sent by people they know, asking for unusual things.
The National Cyber Security Center (NCSC) of the United Kingdom has also warned its citizens from falling prey to cyber-attackers.
Leave the issue of COVID-19 alone, it has only made working from home a big deal, and it has always been there where some companies do not require the physical availability of their workers.
But with the current situation, companies are being forced to set up a large population of their workforce to work from home, and within this short space of time, it will come out as a rude shock to many.
First, instead of being able to make a smooth transition, the social distancing and quarantine directives in response to COVID-19 have given organizations, IT teams, and the information executives insufficient time to make preparations and address the possible cyber-security threats of working remotely.
Workers who have had this experience before understanding the steps they need to follow to access the networks and applications from the convenience of their homes, but most employees are doing it for their very first time.
Training is, therefore, a requirement, they need to understand the potential risks, how to access networks and applications remotely, and most importantly, how to ensure the security of the network is not compromised.
Working from home requires an internet connection, a personal computer (Desktop or Laptop), a mobile phone, and any other facilitating device.
The risk of information theft or loss increases when the devices are moved out of the office. This is the possibility of device loss or theft in case of burglary or calamities like fire.
Even if employees are not doing their jobs out of their houses in coffee joints or home gardens, these environments are still not as secure as the workplace.
There is the issue of cyberslacking, it is expected to increase when people aren’t not working from the watch of a supervisor, so there is a loss of productivity.
Loss of productivity is a heavy blow to the organization as it causes loss of profits and ultimately, the downfall of the business.
Accessing the organization network at home poses cyber-risks such as hacking of the organizational system, stealing of the company’s data by untrustworthy workers, or disclosing secrets only known to the company to its competitors.
Also, there is the risk of insider threats when working from home which is one of the causes of fraud and information theft.
There is a challenge with authentication, the people permitted to access the organizations’ systems.
Some networks will develop problems for people accessing them in remote places.
Other organizations will face the problem of not having enough devices for their workers to work from home, so the issue will be solved by having the employees use their own devices to handle company-based tasks, which is an added risk.
Employees’ own devices are not likely to have the level of security as the company-owned devices and it will be hard to control what these people do with their devices and also to secure them against viruses that could easily navigate to the network of the organization.
The risk of shadow IT increases when employees are allowed to work from home.
This is caused by the careless downloading of applications and using non-authorized tools. This might introduce vulnerabilities in the system which are later exploited by criminals.
Also, there is the issue of many users accessing the company’s network using VPNs. The network might fail to support an increased number of users, implying that some workers will be denied access to the system and will not be allowed to connect when working remotely.
Working from home is associated with poor backup and recovery systems hence in case of accidental information loss or theft, employees using their devices usually lack backup and recovery capabilities.
As a matter of fact, this is one thing businesses have failed to pay sufficient attention to until something fishy occurs.
This becomes even worse when remotely working employees are mixing up their personal information with organization data in a single device, which exposes each to some level of vulnerability.
For instance, if an employee downloads an infected file from their email and the laptop ends up crashing, the business will lose data as well.
Unfortunately, SMEs do have a long list of challenges they want to be addressed which makes it even hard to put the issue of backup and recovery systems into a priority.
It’s true but overlooking this issue for a persisted period can lead them into trouble.
Recovery and backup systems are very significant in any organization, irrespective of the size of the business.
To solve this problem, it is easy for employees working from home to create a local backup on their computers, or, for large organizations with an IT department, a centralized backup and recovery system can be constituted for all devices working remotely and carrying critical information about the business.
Although these options are subject to limitations, the company can adopt cloud services for backup solutions.
For instance, SaaS providers like CrashPlan and Veeam are examples of technologies that offer backup solutions for businesses regardless of their sizes, and efficiently cover their backup requirements for both office and remote working employees in one account, and eliminates the hassle and storage of information in case of computer crashes, loss of devices, and other problems leading to data loss.
To remain safe and protected from cyber-criminals, here are some tips on how employees working from home must adhere to prevent attacks:
As we fight COVID-19 by reducing social distancing and working from home, let’s protect our jobs and companies we earn our living from by adopting the right cyber-security solutions, ensuring we are connected to secure and entrusted internet connection, and observing all appropriate procedures and policies of effective data protection.
Acodez is a renowned website development and web design agency in India. We offer all kinds of web design and web development services to our clients using the latest technologies. We are also a leading digital marketing company providing SEO, SMM, SEM, Inbound marketing services, etc at affordable prices. For further information, please contact us.
Contact us and we'll give you a preliminary free consultation
on the web & mobile strategy that'd suit your needs best.
What is Social Engineering? What are the Various Types of it?Posted on Jun 11, 2020 | Cyber Security
The Cybersecurity Skills Gap – A Statistical GuidePosted on Jun 03, 2020 | Cyber Security