The COVID-19 pandemic has resulted in more people working from home than ever before, so it’s not a surprise that there has been a sharp spike in cyberattacks. Most remote work is dependent on an enhanced technology infrastructure, and businesses had little time to prepare. Some estimates indicate that three-quarters of employees use unmanaged, unsecured personal devices to access their employers’ systems. Consider the following:
- CrowdStrike, the cybersecurity company, reported twice as many intrusions in Q1 2020 as in all of 2019
- Google’s Threat Analysis Group reported in mid-April that it blocked approximately 18 million COVID-19-themed malware and phishing emails in one week
Cybercriminals know they have an increased opportunity to attack remote workers. The risks are high—if successful, hackers can gain access to an organization’s confidential documents and servers.
Employees unaccustomed to working from home must understand best practices to ensure the computers and software they are using are secure. Remote workers need training, security guidance and protocols.
According to a recent Gartner poll, 48% of employees will most likely work remotely either full-time or partially after the pandemic is over, as opposed to 30% before. This will call for an airtight security plan that includes both company and personal devices.
With that in mind, here are tips you can share with your workforce to help mitigate cyberattacks:
We all know that we need strong passwords that contain numbers, symbols and letters. All too often, however, employees use the same passwords for multiple logins. By doing so, they are inviting cybercriminals to access sensitive company information. Be sure employees understand strong password policies and are required to change their passwords every 30-90 days.
The following includes some general guidelines for employees working remotely:
- Ensure routers are running the latest firmware version
- Set up the router securely with a strong password
- Disable remote management from the internet-facing interface
- Monitor for unknown device connections
- Change the default name of the Wi-Fi network
- Encrypt everything
- Electronic work files should remain on company-approved devices and not be placed on personal devices
- Always use a virtual private network (VPN) to access the network remotely. Use the VPN even when browsing web resources or using telecommunication tools.
- Set up two-factor or dual-factor authentication. Two-factor authentication provides a higher level of security and relies on a user to provide a password, as well as a second factor, usually either a security token or a biometric factor, such as a fingerprint or facial scan.
Phishing on the Rise
Hackers are taking advantage of the terms “COVID-19” and “pandemic” to gain access to login credentials, personal details and more. They are using website popups, emails, instant messages and other channels to trick users into entering personal information by preying on fears. Many phishing attempts are blocked at the browser level; however, it is best to simply avoid these links. It’s far better to get COVID-19 information by searching official sites.
Most of us are familiar with ransomware, phishing and vishing. Now that so many workers are conducting virtual meetings, hackers and internet trolls are disrupting these meetings by gaining access to virtual calls. Tips for avoiding these zoombombing attempts include:
- Use a random meeting ID with a password
- Create a “waiting room” for the call
- Lock the meeting once all attendees have joined
- Set screen sharing to “host only”
- Update Zoom software frequently
Keep Applications Updated
Everyone should be using patch management software. If not, it is critical to keep track of all application updates and quickly install them to prevent cyberattacks.
Above all, remember that hackers will always take advantage of a crisis. With the advent of COVID-19, they have taken over hospital systems, private networks and videoconferencing. Business continuity, which we address in the next chapter, depends on all employees acting with an abundance of caution.
Our new e-book, “How Employers Can Plan for COVID-19 Reemergence and Business Continuity,” focuses on four critical issues that business owners must navigate to be successful during this critical time.
For more information about cybersecurity and fraud prevention during the COVID-19 pandemic, please contact Jason Cope at 214-635-2508.
If your business needs assistance during this challenging time, the Business Advisory Group at Goldin Peiser & Peiser can help you determine the best course to take. Contact us at CARETeam@GPPcpa.com.
Note: This content is accurate as of the date published above and is subject to change. Please seek professional advice before acting on any matter contained in this article.