Patrick Burgess, technical director at Nutbourne, discusses the steps you need to take to ensure staff are working safely while remote.
A return to regular worklife still seems a long way off for the majority of office workers who need only a computer and a stable internet connection to complete their work to the expected standard. With staff working remotely, however, a considerable shift of security controls has been seen, resulting in a vast range of new risks, threats and challenges.
A sharp uptick in the number of COVID-19 malware has been reported by Crowdstrike, and CNBC has reported that 1 in 3 executives have seen a spike in cyber threats. These attacks are most commonly presented in the form of COVID-19 related text messages or emails which contain a fake link that, once accessed, results in the installation of malware to your system, or alternatively, the theft of your credentials. The types that have been found and detected have been specifically designed to identify banking details or financial information.
The following insight into the dangers you may face whilst working from home should ensure that you are able to avoid any potential threats.
The opportunistic nature of malware
Malware’s opportunistic process of attack is most effective when people don’t have good enough systems to repel it. New systems to effectively protect against malware are unlikely to be set up due to the sheer amount of people working from home at short notice, and with this resulting in businesses sharing a vast amount of essential information online, users are now more likely to click on links and access nefarious content than ever before. Now is the perfect time for malware to cause mass-devastation, and those who make money off of it are more than willing to take advantage of the anxieties many individuals are experiencing at the moment. This combination of worry and working from home has resulted in many people being significantly easier to target, whilst also disrupting the IT security of many companies.
What to look out for
The first thing to remember is, if an email or message sounds too good to be true, that means it probably is. It is highly unlikely that the government will be offering you financial help or COVID-19 treatment over email or SMS. It’s also essential to be aware of when a correspondence with somebody you know sounds unfamiliar in tone. They may even ask you to do something you wouldn’t normally be asked to do over email and, with the above considered, these kinds of requests should be ignored and deleted.
Unsurprisingly, many organisations will send requests for invoices, and the like, via email. With processes such as this, it’s recommended that new procedures are put in place to ensure emails are secure. This can be something relatively simple, such as the verification of an invoice through SMS, or some other medium of communication.
IT security advice
A lot of organisations are currently adapting to new and unfamiliar ways of working, due to the unprecedented circumstances we are all facing. This has resulted in a great deal of communication stemming from the government and various organisations - something which scammers are acutely aware of, and allows them to prey on the public’s fear and longing for further information. Most scams are disguised as legitimate communication in the form of an email and will usually be after two things - credential capture for network access or malware to infect it.
Links should never be clicked unless there is 100% certainty that it is legitimate. Signs such as poor grammar, poor design, and sometimes simply the way you are addressed in the email or message, can reliably indicate whether the accompanying link is untrustworthy. The urgency of the message is also a dependable indication of whether the link should be trusted. A link accompanied by the message ‘pay X amount in the next 24 hours’, for example, is almost surely a scam with the intent of scaring the recipient into acting without thinking. These are all simple additional IT security measures your employees should consider that are sure to help you immeasurably.
It is essential that a dispersed workforce implement basic cybersecurity solutions, including good quality spam and virus solutions, patching servers, and maintaining awareness of likely threats. It’s also recommended that a knowledge base is set up, as well as a chain of command which will ensure everyone in the currently fragmented workforce is aware of any potential threats that are circulating.
The last thing any company needs at the moment is to have their files encrypted resulting in a huge ransom payout to get them back. With this in mind, it cannot be stated enough how important it is to not click on any link you are unsure of. For a long time, this has been, and still remains, one of the most effective IT security measures you can take. If you’re not certain: check.