COVID-19: Work from Home May Increase Cyber Threats
As the Prime Minister Muhyiddin Yassin has ordered a partial lockdown of all public activities in the country from March 18 until March 31, it forced the closure of all government and private premises except essential services. Due to the Movement Control Order, companies are determined to protect their employees and minimize the impact of COVID-19 by enforcing work from home policies. However, those actions can be used against employees as any firms are likely unprepared for the criminal appetite for the cyberattack exploitation of a remote workforce. Here are some of the key issues of which companies have to be aware and steps that should be considered to minimize the risk to keep everyone and important data at safe.
TechRadar reports fraudulent outbreak maps are being used to attract unwitting victims and then deliver malware through various well-test tactics. ThreatPost is reporting two Coronavirus-themed campaigns that use PDF and Microsoft Word documents to deploy remote access tools (RAT), clipboard-copying, keystroke logging, desktop image capture, and a cornucopia of malware. CheckPoint security discovered another Coronavirus-themed campaign targeting Japan that delivers the reigning champion of credential harvesting Emotet.
As workforces practice social distancing to work from home, the risk of attacks against corporate remote access systems rises. The criminals target employees to harvest their VPN credentials as a backstage pass to corporate assets. There are some controls and practices that companies should implement to protect themselves during times of chaos and uncertainties.
Keep your employees informed
The easiest way to minimize risk is to keep the employees informed about Coronavirus-related scams, phishing schemes and fraudulent websites. Your employees should be getting their information, not social media sites or other potential sources of misinformation or exploitation. Companies should update weekly to reinforce company policies, security protocols and clear lines of communication.
Use protected and trusted internet connections
Laptops should always be deployed with privacy screens. Employees should only connect to trusted, password-protected internet connections, such as home Wi-Fi and avoid public hotspots which can be spoofed.
Protect your endpoints
Most companies are well protected within their office spaces, but their mobile endpoints, like laptops and smartphones are only protected when inside the firewall. Companies should deploy unified endpoint management (UEM) to regulate open ports and unwanted traffic to avoid cyber threats.
Manage BYOD devices
If the employees are allowed to use personal devices, deploy enterprise device management (EMM) or mobile device management (MDM) tools that provide layers of control to minimize access from personal devices, and enforce security controls on the devices themselves. Employee devices to be running the latest manufacturer software updates prior to permitting access to any remote systems.
Ask for a demo from us today.
Sourced from here.