Cybercriminals are likely to target any weaknesses they can identify during the COVID-19 outbreak, including seeking to exploit any gaps presented by large-scale remote-working to access valuable data. Therefore both employers and employees should remain vigilant to network vulnerabilities and anticipate the targeting of remote access processes by highly organised criminal groupings. The considerations below can help mitigate this risk.
Considerations for Remote Working
Re-emphasise vigilance: Networked company hardware will already be compliant to company IT security policies, home/personal computers may not be patched and updated to the latest security mandates and may contain active or dormant malware (company-sanctioned level of anti-virus software, password protection technologies, or secure network connections).
Threat matrix: Cyber criminals will already be exploiting vulnerabilities with statistical assessments finding malware in 3 of every 5 “Coronavirus” tracking apps on the Google and Apple stores.
Remote access strategies: Heightened network monitoring should go hand in hand with remote access to ensure VPN exposure is safeguarded effectively.
Physical breaches: Employees will naturally be more relaxed when not in the office with the potential to save sensitive company information to personal desktops/USB drives, multitasking with simultaneous browsers open and secure portals open. Printed documents also provide a security risk.
Increased phishing attempts globally are already visible, using emotions around the Coronavirus to trick people into letting their guard down.
Therefore, it is important to consider:
– Mandate all employee devices comply with specified standard of company security software and the latest manufacturer software updates prior to permitting access to any remote systems.
– Multifactor authentication upon each login to a company portal.
– Only allowing remote access through a virtual private network (VPN) with strong end-to-end encryption.
– Imposing additional credentialing with respect to the ability to download certain sensitive data.
– Enhanced network monitoring once home computer VPNs are recorded.
During this current crisis, remember to think before you click and certainly check, validate and confirm before you install or download.
Author: O’H (Mike O’Halloran), Associate Director
NGS is an emergency evacuation company that runs tracking, remote medical and security operations for global clients.