With the majority of office workers needing only a computer and a stable internet connection to effectively complete their work, it would seem that a return to the office is still on the distant horizon for many says, Patrick Burgess, technical director of Nutbourne.
With staff working remotely, a considerable shift of security controls can be seen. This has meant, for CIOs especially, that a range of new risks, threats and challenges have presented themselves, and will continue to do so as lockdown continues.
Crowdstrike recently reported a sharp uptick in the number of COVID-19 malware. CNBC has reported that 1 in 3 executives had seen a spike in cyber threats and a reported 40% in one organisation. Most commonly, these attacks are coming in the form of COVID-19 themed text messages or emails. These contain a fake link that, if accessed, installs malware on your system or steals your credentials. The types found and detected have been designed to specifically access banking details or financial information.
Here Patrick Burgess, provides some insight into the dangers you may face whilst working from home and has offered a variety of advice in avoiding these risks.
Malware is opportunistic
Malware is an opportunistic form of attack and works best when people don’t have good systems to repel it. With many people working from home at very short notice, new systems to protect against malware aren’t set up effectively.
Additionally, with businesses sharing more information online than ever, users are now more likely to click on links and access content. It’s a good time for malware to hit the mark, meaning the people who make money out of it are distributing it more. The mixture of mass worry and home working has made people much easier to target and has thrown many company’s IT security off kilter.
What to look out for
If an email or message sounds too good to be true, it probably is. The government is highly unlikely to be offering you COVID-19 treatment or financial help over an email or SMS. Equally, be aware of correspondence from people you know that sounds unlike them or asks you to do something that you wouldn’t normally be asked to do over email the chances are it will be fake.
If, in your company, requests for invoices and the like are regularly made via email unsurprisingly this is the case for many organisations it is a good idea to put a new procedure in place and take steps to secure emails. That procedure could be something simple like the verification of an invoice through another medium of communication SMS for example.
IT security advice
Right now we are facing unprecedented circumstances and a lot of organisations are adapting to new ways of working for the first time. Due to this, there’s a lot of communication from organisations and the government. Scammers are aware of this and are preying on fear and the need for information. Most scams are coming via email and are disguised as legitimate communication. These emails are usually after two things credential capture for network access or malware to infect it.
There are usually tell-tale signs, such as poor grammar, poor design and the way you are addressed, which can make an untrustworthy link more obvious. Another usual sign of this is urgency – ‘pay X amount in the next 24 hours’, for example. These are all simple additional IT security measures your employees should take that will help you immeasurably.
Basic cybersecurity solutions are essential for a dispersed workforce. This includes patching servers, good quality spam and virus solutions, and maintaining awareness of likely threats. As the workforce is fragmented, it’s also a good idea to set up a knowledge base as well as a chain of command to ensure that everyone in the workforce is aware of potential threats that are circulating.
One of the most important things to be aware of at the moment is not to click on anything you’re not sure of. The last thing any company needs in the current situation is to have their files encrypted and to have to pay a huge ransom to get them back. Always check if you’re not sure. For a long time, this has been one of the most effective IT security measures you can take, and it remains so.
Communication is crucial. Establishing intranet pages to post information on is a safe and simple way to do this. Encouraging employees to check this daily or alerting them to updates through the chain of command keeps everyone informed and reduces the likelihood of malicious email links being opened and infecting the network. Employers should also ensure that everyone is using secured Wi-Fi at home and that Multi Factor Authentication is being used for email logins.
The author is Nutbourne technical director, Patrick Burgess.
Follow us and Comment on Twitter @TheEE_io