As the COVID-19 virus continues to spread, more companies are faced with the reality of remote work.
For many employees, telework is not a new concept, but for entire organizations, this level of remote work is unprecedented. We are seeing companies update their policies to reflect the current landscape and ramp up contingency plans.
During this crisis, it’s essential that organizations do not overlook the importance of cybersecurity when establishing business continuity measures.
Telework opens up a whole new world of security vulnerabilities, especially for groups whose infrastructure was not built with significant remote access capabilities in mind.
According to Checkpoint’s Global Threat Index for January 2020, cyber-criminals are exploiting the global epidemic by spreading malicious activity and launching spam campaigns relating to the outbreak of the virus.
The research also identified a targeted coronavirus themed phishing campaign that hit 10% of all organizations in Italy. Bad actors are also using the increase in HR email traffic regarding the virus to impersonate internal employee communications.
As cybercriminals continue to use the coronavirus as an opportunity for malicious cyber activity and more and more employees begin working from home, communicators must advocate for good cyber hygiene.
If you are unsure of where to start when it comes to developing a secure telework framework for your organization, the National Institute of Standards (NIST) offers an enterprise telework guide.
Here’s how you can start with the basics:
1. All remote workers should have access to a virtual private network (VPN).
VPNs create a secure connection from one network to another network over the Internet. For example, for remote workers using their home Wi-Fi to access the internet, that connection is very likely not as secure as your enterprise connection. If some of your employees do not have access to a VPN, we recommend they do not conduct remote work that is sensitive or proprietary.
2. Multifactor authentication should be enabled for all devices and accounts.
Multifactor authentication is when a user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism. For example, one common method involves requiring users to enter a passcode sent to them via email, text or phone. It is important to provide employees with a guide to setting up these methods and for your company to establish a mechanism for verifying that all employees are using it.
3. Advise your employees to secure their at-home internet connection.
Many at-home internet connections are left password free for ease of access and use. These connections, however, are shared across many wireless devices that are known to have security vulnerabilities. As more workers begin to operate out of their homes, their internet connection and internet-connected devices will become prime targets for cybercriminals.
It is important that organizations advise their employees to divide their home Wi-Fi networks into different accounts. Keep one secure login for business use and one for personal use.
4. Alert employees to possible email scams.
Hyperlinks found in emails or on websites can be tempting to click on, especially if they seem to provide useful information surrounding COVID-19. As mentioned above, there has been an increase in phishing emails using the COVID-19 to trick employees into clicking on malicious links.
It is important that organizations continue to communicate to their employees about the dangers of opening email links and attachments without verifying the email’s legitimacy. Employees can easily verify an email or domain by checking the sender credentials or hovering over a link to identify the URL.
If the email is suspicious, employees should be advised to mark it as such and alert the IT department.
5. Update security systems.
Require employees to keep systems updated with the latest security patches.
6. Turn off devices.
Advise employees to turn off and unplug work devices when not in use.
7. Don’t link work and home devices.
Instruct employees not to connect at-home internet connected devices like Bluetooth speakers or smart TVs to their work devices.
Additionally, organizations should anticipate an increase in IT related support issues. To prepare for this, communications teams should work closely with IT to identify a strategy that helps IT communicate its needs and response times to employees.
As the reality of enterprise-wide remote work potentially looms, organizations must be proactive in how they communicate security best practices for at-home workstations. Stay smart, stay safe and be secure.
Kaylin Trychon is a cybersecurity communications expert and vice president at Rokk Solutions, a full-service, bipartisan public affairs firm. Prior to her role at Rokk Solutions, Kaylin worked at Raytheon Intelligence, Information and Services where she helped build the company’s cybersecurity brand.