Nowadays, companies are very conscious about the health conditions of their workforce due to the coronavirus outbreak. They are now sending people home and instructing them to work via home office. However, the companies have to face a range of complications and cyber‐attacks on their network is one of them. The employees working from home may not have secure internet connections. As a result, their devices are exposed to cyber criminals.
In a recent report published by BBC said that cyber‐criminals are targeting individuals as well as industries, including aerospace, transport, manufacturing, hospitality, healthcare and insurance. Security experts say that a spike in email scams linked to coronavirus is the worst they have seen in years. As per McAfee, the chart maps the visibility of targets for all known threats leveraging COVID‐19.
It is equally important to add that the scenario is changing daily, with more threats being identified and included as part of McAfee's monitoring program across the entire product portfolio. Remote working does come with a range of risks, but there are methods to minimize them as well.
Here are a few possible risks of working from home:
Most home internet connections are not properly secured. There is no network‐based intrusion detection or firewalls available.
The office network can become contaminated with viruses if an employee inserts a flash drive or any unauthorized device inside official computers. The virus may spread to other official devices, eventually spreading in and attacking the official network.
Lack of awareness
Many companies in Bangladesh are not concerned about cyber security. That is why they do not raise enough awareness or provide training on this issue to the employees. Due to lack of knowledge regarding cyber-security, employees may access risky websites from their work devices or click on website links from spam mails, adding more attack vectors, making way for more security hazards in the office network.
Pirated and unauthorized software are widely used in many local offices. These contain a backdoor access, root kit, or may use the compromised machine as a bot.
Working from home presents a challenge for information security because remote networks usually do not have the same protections as the office network.
While working in an office, employees work behind layers of precautionary security controls. When computers leave the official perimeter, new risks arise for the company and additional policy enforcement is essential. Here are some industry standard guidelines suggested for the times when employees work from home.
Establishing clear security guidelines for employees during such conditions is extremely important. The guidelines will help them protect themselves and the data. Educating employees on why security training is important can also help them improve compliance. They should learn about basic security concerns such as risk-prone or unsafe sites and malicious emails and invalid links containing spams.
Such awareness programs should be run throughout the year so that employees stay vigilant.
Virtual Private Network (VPN)
There is no guarantee that the home connection of every employee is secured. VPN is a web tool that provides the most security for remote workers because it protects online data with the same security and functionality like an office network. It provides an extra layer of security by hiding the users internet protocol (IP) addresses, the user's location and encrypts data transfer.
Office network data
Employees should use their work devices for doing official work and personal tasks should be done on their personal devices. They should not install any unauthorized software in their official machines.
Multi‐Factor Authentication (MFA)
MFA is an additional security layer for business, helping to address the vulnerabilities of a standard password‐only approach. A strong and standard password policy should be enforced so that users can maintain a good password hygiene.
Secure Home network
Most Wi-Fi users receive pre-configured routers from the local internet service providers (ISP). This is, in fact, a mistake that allows malicious parties to access devices connected to the network. Implementing some simple security protocols can prevent this. Changing the router's password, encrypting the Wi-Fi protected access (WPA2 or WPA3) and disabling Wi-Fi protected setup (WPS) and regularly updating the firmware of the router are some of the security actions.
Phishing emails and sites
According to Norton AntiVirus, phishing attackers are looking to exploit public fears about coronavirus. Cybercriminals send emails claiming to be from legitimate organizations with information about the virus. The email messages might ask you to open an attachment to see the latest statistics. If you click on the attachment or embedded link, you are likely to download malicious software on your device. The malicious software, or malware for short, could allow cybercriminals to take control of your computer, log your keystrokes, or access your personal information and financial data.This could ultimately lead to identity theft. Hence, avoiding clicking on links or attachments from unauthorized sources minimizes the risk of cyber-attacks.
These simple steps at the office and employee levels can mitigate common security risks. By providing clear and basic knowledge about cyber-security will help employees stay ahead of incoming cyber attacks.