Ready or not, businesses are getting workers to WFH, then realizing that security and user discipline can complicate things …
All of a sudden, we find our entire lives playing out online. Never before has the connected world and our ability to communicate, socialize, work and transact online been more front-of-mind, or more critical.
Although the ability to do this is unprecedented, we have to face the reality that where people go, cybercriminals follow. If there is an opportunity to exploit a situation and lure people into disclosing personal data or sending money falsely, you can guarantee that cybercriminals will be working on it.
Kaspersky researchers have already seen examples of COVID-19-related malware trying to piggyback on the virus, hiding malicious files in documents purporting to relate to the disease, but the opportunities for online security to be compromised do not end there.
Said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky: “With a lot of countries in Southeast Asia under different forms of lockdowns, companies are now finding ways of using technology to preserve business continuity. From face-to-face meetings, we have seen the rise of video conferencing. Cybercriminals are aware of this trend and they can exploit and infiltrate through different entries, such as insecure Wi-Fi, network without encryption, use of weak passwords, and poor or neglected app permissions, among others.”
Yeo said he would like to believe that companies around the world are now aware of the importance of securing their applications and websites, especially with the current shift in the IT environment we are now facing because of this pandemic. “But the reality is many organizations are not geared up for people to work from home (WFH), and are thus trying to understand the challenges in real-time, under exceptional circumstances, whilst for some, it is more commonplace and a good time to re-examine security around remote access to corporate systems,” he said.
IT departments globally are facing their biggest networking challenges currently as we see unprecedented numbers of people connecting remotely to corporate networks, putting additional pressure on already strained IT and security infrastructure. Once a device is taken outside an organization’s network infrastructure and is connected to new networks and Wi-Fi, the risks broaden and increase.
There are a number of simple steps that these organizations can take; or ask people on their network to take, to reduce the cyber-risks associated with remote-connectivity.
Kaspersky experts advise the following:
- Provide a virtual private network (VPN) for staff to connect securely to the corporate network
- All corporate devices—including mobiles and laptops—should be protected with appropriate security software, including mobile devices (e.g., allowing data to be wiped from devices that are reported lost or stolen, segregating personal and work data, and restricting what apps can be installed)
- Always implement the latest updates to operating systems and apps
- Restrict the access rights of people connecting to the corporate network
- Ensure that staff are aware of the dangers of responding to unsolicited messages
Specifically for video conferencing, Kaspersky suggests companies to:
- Assess the security features of the platform you will use
- Be sure that your apps are updated
- Read and set the permissions carefully, both during the conference and in the storage of the conference recording(s)
- For user authentication, use a single sign-on (SSO) so your IT team can track and verify credentials
- Encrypt and secure your network tightly
- Create a video conferencing policy which will set expectations as well as boundaries among all participants