Cyber Security During Lockdown


The ongoing global lockdown due to the coronavirus epidemic is forcing us to work remotely. While our employees are trying to maintain work-life balance and meet their targets and deadlines, this lockdown is turning out to be exceptionally long and stressful. We are also seeing an increased number of cyber attacks as everyone is accessing their corporate networks from minimally or less secured home networks and vulnerable endpoints. With restricted movement during the lockdown period, a successful cyber attack can cripple the entire organization and completely stop its normal, day-to-day functioning.

 

Therefore, we at Sherpas Cyber are releasing the guidelines below for organizations and enterprises. The guidelines cover every aspect of a remote workforce and should be strictly followed to remain safe and protected in case of a cyber attack.

I – General Precautions:

Educate your workforce about:

·        The heightened risk that will unfortunately arise from coronavirus-related scams.

·        They should not open any suspicious emails, especially ones related to coronavirus (COVID-19). Hackers are exploiting the heightened eagerness and curiosity of individuals to compromise their devices and networks. Have a look at the guidelines published by WHO on this: https://www.who.int/about/communications/cyber-security

·        Store work-related information, documents, and files only on the organization’s approved storage solutions, which meet the security requirements of multi-factor authentication, encryption, and strict access controls implemented to protect your data against all types of security threats.

·        They should keep their laptops within their physical control, and their screens hidden from others.

·        They should use a dedicated area inside their home for conducting their office work which should offer some privacy and have restricted or minimal access.

·        They should never provide login credentials in response to an email request.

·        Not to use personal email accounts to transmit work information.

·        Not to transmit or store work information on their personal cloud storage accounts.

·        Not to leave written corporate materials in shared or unsecured locations.

·        Even when at home, lock screen or log off when not using the device or network.

·        To use strong passwords and ensure they are required to constantly change them.

·        Not to use public Wi-Fi for work related activity.

·        Implement two factor authentication while accessing sensitive data/application/network.

II – Securing your Devices and Data:

Organization provided devices:

1.      If your entire workforce is working on organization-provided devices, ensure that the VPN and intranet login passwords are updated frequently. This could be done either by individuals or by the network administrator. Set up a mechanism to remind them to reset their passwords periodically. A simple email reminder will suffice.

2.      Ensure that personal firewalls and antivirus software are updated, and schedule an automatic virus scan to run regularly.

3.      Any software or operating system related security patch should be installed immediately.

Personal Devices:

In most cases, issuing a laptop to each employee is neither feasible nor practical. Thus, your employees would have no other option but to use their personal devices (laptops, desktops) to continue their work. If your organization does not have a BYOD mechanism and a corresponding implementation, this could be a nightmare.

·        Take regular backups, which should be stored within the organization’s network and properly encrypted for security purposes.

·        Uninstall all unnecessary software that is not required for fulfilling your work-related commitments.

·        Cease using the device for any other task apart from regular office work.

Important: Under no circumstances should storage of organizational data on devices or cloud storage accounts be allowed. Work-related information, documents, and files must be stored only on the organization’s approved storage solutions which meet security requirements like multi-factor authentication, encryption with strict access controls and security workflows implemented to protect your data against all types of security threats.

III – Email Security:

The majority of cyber attacks originate from emails. While working from home, individuals often lower their guard and alertness as they are in a familiar place surrounded by family members. Often, this lack of alertness can have a devastating impact. Therefore, educate your workforce on how they can identify phishing attacks. Below are a few clear signs of an email phishing attack:

  • Links inside email - Do not click on any links in your emails right away. Hover the mouse over the links and the email sender's address to verify that it has been sent from an authentic user.
  • Attachments inside email - If you receive an email with an attachment from someone you do not know, or an email from someone you do know but with an attachment you were not expecting, don’t open the attachment. Contact the person who sent you the message and ask them to confirm that the email and attachment are legitimate.
  • Creating Sensation or Threat – Emails trying to create a sense of panic or pressure to get you to respond quickly are often scams. Beware.
  • Altered web addresses - Emails containing web addresses that closely resemble the names of well-known companies, but are slightly altered; for example, “www.goggle.com” in place of “www.google.com”.
  • Incorrect salutation of your name, mismatches in the link text and the URL, bad spelling and incorrect grammar are some other signs.
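Two of the signs above, a mismatch between the link text and the URL and a web address that closely resembles a well-known one, can also be checked automatically on the mail gateway or help desk side. The sketch below is an added example, not part of the original guidelines; the allow-list, the similarity threshold, the sample email body and the "last two labels" shortcut for the registrable domain are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: constructed allow-list, threshold and sample email body.
TRUSTED = {"google.com", "who.int"}
THRESHOLD = 0.85  # similar to a trusted domain, but not identical
SAMPLE = ('<a href="http://login.example.net/x">www.who.int</a> '
          '<a href="https://www.goggle.com/docs">Shared file</a> '
          '<a href="https://www.who.int/about">WHO guidance</a>')

def domain_of(text):
    """Rough registrable domain (last two labels) of a URL or bare address."""
    text = text.strip()
    host = (urlparse(text if "://" in text else "//" + text).hostname or "").lower()
    return ".".join(host.split(".")[-2:])  # simplification: no public suffix list

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """Return (href, reason) findings for the links in one HTML email body."""
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        base = domain_of(href)
        # Sign: the visible text is a web address but the link goes elsewhere.
        shows_address = text.lower().startswith(("http://", "https://", "www."))
        if shows_address and domain_of(text) != base:
            findings.append((href, "link text does not match URL"))
        # Sign: the domain is a near miss of a trusted one.
        findings += [(href, "resembles " + good) for good in sorted(TRUSTED)
                     if base != good
                     and SequenceMatcher(None, base, good).ratio() >= THRESHOLD]
    return findings
```

Calling check_links(SAMPLE) flags the first two links and leaves the genuine WHO link alone.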

IV – Secure Collaboration:

With the recent security vulnerabilities found in the Zoom app, an extremely popular video conferencing tool, it should be avoided if possible.

To read more about Zoom’s security concerns - https://www.cnet.com/news/zoom-every-security-issue-uncovered-in-the-video-chat-app/

When choosing a video conferencing app, evaluate one that offers end-to-end encryption and proceed with it. The Signal messaging app could be an exceptional replacement. Telegram is also a good option but only offers chat and voice calling. Other apps like Cisco’s WebEx or even Slack's video calling features can be evaluated.

With this, we hope that the lockdown does not stop your organization and your workforce from being productive, and that by following the guidelines above, your organization’s data remains safe, secure and adequately protected.


More articles by Avinash Kumar
