Cybersecurity and teleworking: have you thought about their importance today? Cybersecurity is a strategic and operational issue for companies, and their dependence on technology makes good cyber hygiene crucial.
Given the current global pandemic, teleworking has been essential for the continuation of business, the prosperity of companies and the consequent financial stability of many families. But have the vast majority of companies prepared themselves, and their telecommuting employees, for the cyber security of their systems and equipment?
What has changed?
The emergence of COVID-19 has led cybercriminals to become even more aware of new digital trends and their vulnerabilities, since telecommuting, outside the physical context of companies, makes systems and information management more fragile and consequently more exposed to possible attacks. The peculiar pandemic situation that we are experiencing on a global scale has driven the emergence of new ways of working, which companies had to implement quickly, with inadequate or no precautions in terms of cyber security, not only for their systems and equipment, but also in the training and “awareness” of their employees on the subject.
Experts point out that teleworking has exponentially increased the level of risk. Many company employees are not sufficiently informed on the subject, and many even use personal equipment for professional purposes. This massive adoption of telecommuting has created great pressure on IT teams, which also represents an increased risk for companies.
According to the National Cybersecurity Center, employees are often unintentionally responsible for cyberattacks on their companies, and, very often, this responsibility results from carelessness.
Studies by Forcepoint and Broadcom from 2018 show that in 77% of cases, responsibility for data exposure is attributed to someone inside the company, and that the data most vulnerable to insider threat is confidential business information, including customer data.
What effect does the pandemic have on Cybersecurity?
According to Pedro Samuel Pires, responsible for the Cybersecurity unit at Fujitsu Portugal, “the pandemic was a perfect event to test the resilience and preparedness of companies when it comes to security. According to him, several technology teams have been working to maintain essential business functions, however, in extreme and unexpected conditions like the ones we’ve been through. Ensuring good cybersecurity practices is not always an easy task.”
There have been some attacks on large companies worldwide, such as pharmaceutical companies, directly linked with COVID-19. Examples include the European Medicines Agency (EMA) and Johnson & Johnson, along with others reported by Microsoft in several countries around the world.
One case that clearly demonstrates the level of professionalism of hackers is the attack on FireEye, one of the largest cybersecurity companies in the United States. The company’s CEO, Kevin Mandia, believes that this is a state-sponsored attack, given the “discipline, operational security, and techniques” used. These attackers operate clandestinely, in operations that manage to bypass the company’s own security tools.
The crisis phase we are going through boosts cybercrime, since hackers take advantage of the general confusion to exploit human weakness. Numerous phishing attacks related to COVID-19 have been detected recently. Here attackers aim to steal access credentials and gain access to company systems. In these cases, hackers use the identity of senior executives to send links and infected attachments to employees; because these emails appear to come from superiors, employees do not become suspicious, which gives the attackers access to data.
Security in Teleworking
It is often difficult to control everything that goes on inside organizations, and many people are not yet sufficiently aware of this issue, or of how important their organization’s data security is. Not only the company is affected, but also its customers and business partners, along with the confidence and credibility of a whole range of stakeholders.
Now that telecommuting is here to stay, we’ve put together some guiding principles to help organizations keep business operations functional and address critical security risks:
This is the first, and one of the most important, steps. The chance of success will always be greater when organizations educate their employees on the procedures to follow for internal communication, and on who is authorized to send information, especially in times of pandemic.
Ensure reliable and secure network access
This is a critical point, as all employees need access to resources in order to do their jobs. All unauthorized devices and users should be off the network, maintaining vigilance at all times; employees should only use tools and applications approved by the organization, and only authorized devices should be able to access the company network.
Strengthen the company’s access credentials
Informing employees of the importance of never using the same passwords at home and at work is key. Passwords should be strong and effective, and two-factor authentication or public key infrastructure (PKI) authentication should be used whenever possible.
It is very important to know how to respond in case of an incident, but even more important than knowing how to respond is knowing how to plan a strategy that prevents these incidents from occurring, or from occurring again. When re-evaluating telecommuting policies, organizations should have a “zero trust” mentality, adding every kind of control necessary and possible, as well as improving security systems.
Protect audiovisual communications
With the increase in the number of video conferencing calls and other virtual collaborations, it is very important to monitor all employees participating in the calls. For highly sensitive calls, organizations should consider using a service with a waiting room, so they can control the start of the call, who joins and who speaks.
General rules that everyone should be aware of
There are many practices that ensure better individual data protection. These include:
- Always browse HTTPS websites;
- Ensure that home Wi-Fi has a strong, secret password that is changed regularly;
- Do not open unknown emails or SMS messages, or click on unknown links or attachments;
- Encrypt sensitive communications;
- Preferably use devices authorized by your organization and, if you lose them, report this to the cybersecurity officer;
- Use only reliable USB sticks.
If you had the opportunity to read our previous articles, “What is Cybersecurity” and “Cyber attacks and best practices”, you will already be aware of the importance that Cybersecurity has nowadays, both for companies and for anyone who uses the Internet daily.
CRISPUS, a Pelican Bay brand, has the best cybersecurity solutions for your organization’s online presence – website, online store or internal network – safeguarding the confidentiality and integrity of your business.
We are committed to protecting your company from:
- Compromise and theft of information;
- Unauthorized access to your systems and network;
- Loss of credibility and financial implications.
We offer a first Audit for a risk analysis and assessment of possible vulnerabilities in your company’s cyber security, without any commitment. Contact us!