Hackers and attackers feed on our fears. Anything that escalates our anxiety is their weapon, which is what makes the current pandemic of COVID-19 prime time for cybercriminals to try and trick people into giving their money to the wrong people.
In one such instance, cybercriminals have been found exploiting the Coronavirus condition to distribute mass emails posing as legitimate health organizations. According to a guidance issued by the US Secret Service around coronavirus related phishing scams, victims received an email apparently posing to come from a medical enterprise that included attachments allegedly containing information regarding the virus.
This led to two consequences:
What happens when all of your employees work remotely? More and more organizations are issuing notices to their staff, giving them the option to work from home with any support they can provide to reduce the risk of infection to their people.
While keeping your employees safe is the most important call of the hour, you still need to ensure your sensitive data stays protected.
Large corporations with huge emergency funds can issue personal devices to all their work-from-home employees, but that’s not necessarily the case with smaller businesses. These companies will have to accept work from their employees’ personal devices.
This is similar to a Bring Your Own Device setting, but in a much less secure network environment. These external devices lack proper security arrangements and might pave the way for attackers to bounce hacks through home networks.
Moreover, companies can’t ask each employee to deploy an EDR at home due to strict regulations (GDPR, contracts, etc.) and potential tech issues.
If you’re a business quickly rolling out cloud services, you might want to double-check your security settings. In haste, cloud solutions can expose a business to a variety of threats.
The physical security of a remote worker’s laptop or PC is another challenge. If the device gets stolen or compromised, the data residing on it is also at risk.
It’s also critical to consider that all devices are free of any vulnerabilities and are regularly monitored. Insider threats might also pose a huge risk to your organization as some employees might exploit their newfound freedom by, for instance, accessing intellectual property without being seen.
Another challenge is that of the big vulnerability of sensitive data passing through insecure WiFi networks. Let’s see what you can do to fend off these issues or keep them at bay.
In order to minimize the risk of a cyberattack through work-from-home employees:
Over 4,000 COVID-19 themed websites have popped up since January, with the estimate that 5 percent of them are suspicious and 3 percent malicious. These websites are likely to be used as part of email campaigns to lure victims into clicking on spammy and phishing links.
If we missed any interesting security topics here, feel free to add them in the comments of our post.
Together, we can do it.