On 11 March 2020, the World Health Organization (WHO) officially declared the Covid-19 a pandemic.
In the weeks preceding, with increasing numbers of cases being reported worldwide, many organizations have already put in place ‘work from home’ policies to mitigate the risk of the disease on their workforce and business. Looking at the weeks and months ahead, as the world deals with the spread and uncertainty of this pandemic, increasing countries and regions are expected to implement actions ranging from complete lock downs, declaring state of emergencies or at the very least maintaining a Disease Outbreak Response System Condition (DORSCON) Orange alert level. This will mean that the numbers of people who choose or are required to work remotely will increase exponentially.
Cyber attacks have been increasingly more widespread and devastating. Whilst hackers previously targeted larger corporations, small and medium enterprises (SMEs) are today equally, if not more vulnerable. As many SMEs have not invested in adequate cyber protection, they are easy prey. With Covid-19 declared a worldwide pandemic, we can expect a much increased proportion of the workforce working remotely in public spaces or from home. These locations typically have less or no preventive layers of cyber security (compared to an office environment) and cyber attackers will surely be vigilent to more opportunities to cause damage.
Individuals and companies who have staff working remotely need to set up additional protocols to safeguard against cyber attacks. The following are some security tips that should be adhered to:
- Avoid using public WiFi
Connecting to public WiFi exposes the user to substantial security risks. With no firewalls between users, an attacker can easily gain access and hack into other systems or devises connected to the WiFi.
Instead, use personal hotspot from your smartphone or personal WiFi to gain internet connection. A better solution would be to set up a Virtual Private Network (VPN) which can provide both security and a flexible connection to corporate network and resources.
- Encrypt hard disks, sensitive data and emails
Encrypt all devices to prevent unauthorized access. Ensure that all sensitive data and emails are encrypted to prevent information from being assessed should a hacker gain access.
- Only use company-issued devices and computers for work and work related matters
Company-issued computers and devices are generally more secure than personal computers and devices as the organization’s IT team would be responsible for installing and updating protective software (such as antivirus software) on these.
Where personal computers without proper cyber security software are used for work, the organization runs the risk of losing or leaking sensitive information if these devices are hacked. If a personal computer is being used remotely for work and is connected to the company’s network, the latter may be put at risk should the personal computer suffer a cyber attack.
If for practical reasons or due to resource constraints, employees are required to use their personal computers for work, the organization should provide employees access to a portal or remote access environment for online and remote work (eg by the use of Office 365) to mitigate the risk of data loss/cyber hacking and enable Data Loss Prevention tools or virtual machine access.
- Be vigilant of your surroundings
When working remotely in public spaces (such as a café or library), employees need to pay attention the people around them. Cybercriminals are keen observers and always on the prowl to steal sensitive information or passwords when they see an opportunity. Investing in a privacy filter for the computer screen will help prevent information or data being stolen by onlookers.
- Ensure that devices are kept in a safe and secure place when not in use
When not in use, company-issued computers and devices have to be stored in a secured place – eg in a safe in a hotel room. Employees need to be aware of the risk posed to an organization should cybercriminals steal or be able to access a company-owned computer. Not only could sensitive data and information stored within be stolen, a malware could be introduced into the computer to hack into the organization’s network.
- Never use removable drives that you ‘chance upon’
Hackers have been known to leave thumb drives and other removable devices near their target in the hopes that an employee may pick up for use on a company owned computer. These drives would be preloaded with a malware or malicious file that would enable the hacker to gain access to the company’s system once it is connected to one of its computers..
- Engage USB blockers when charging computers or devices in public
Where there is a need to charge a computer or device in a public place, USB blockers must to be engaged to prevent hackers from finding an opportunity to introduce malware or upload information to an external drive.
- Never leave company-issued computers or devices unattended in vehicles
Employees must not leave company-issued computers or devices in the car trunk. Cyber criminals have been known to stalk a target to steal these devices when they have been left unattended in a vehicle.
In at least the short to medium term, many more people are likely to find themselves requiring to work remotely as the world begins to recognize and respond to Covid-19 as a pandemic. This situation presents a potential goldmine for cybercriminals to exploit – from reduced cyber protection where personal devices are used for work, to more opportunities to steal company-issued device especially when these are used or being charged in public spaces. There is an urgent need to educate employees of the risks associated with working remotely and set up guidelines which every staff needs to adhere to strictly. The above security tips are intended to help companies and business owners consider and review their own risks so that they can formulate and institute policies that will mitigate the risks of having their staff work remotely in the months ahead.
Contact us today to learn more about cyber security services.
firstname.lastname@example.org OR +65 3157 2141
Responsible Cyber Pte. Ltd. I Co. Reg No: 201616321C
We will share more information and updates on regular basis, on our social media.
Follow us for updates on:
About Responsible Cyber: Responsible Cyber is a cybersecurity solution provider that launched in 2016, with their head office in Singapore. The company specializes in creating products targeted towards the small and medium sized companies looking for effective and affordable solutions. For more information, please visit https://responsible-cyber.com. For business inquiries, please contact Responsible Cyber.