How businesses and employees can protect themselves online in this pandemic

How businesses and employees can protect themselves online in this pandemic

13th August 2020 0 By Jamie Francis

As we surf around the challenges caused by COVID-19, the prominent steps are to somehow stop the deadly spread of the pandemic. The foremost step taken was to halt everything and protect ourselves with things like PPE (click here if you need to get hold of some) and social distancing. Furthermore, many places were placed under stay-at-home restrictions, meaning hundreds of thousands of organizations had to come up with a working from home policy. Employees are all working from laptops on their beds and business meetings are all taking place virtually and mostly in pyjamas, but with so much online now, we must keep in mind employees’ security.

Many cybercriminals are seeking opportunities to invade. Apparently, the attackers are utilizing COVID-19 phishing emails, which offers to deliver important information but actually it plans to lure and make them click malicious links.

It is quite different from another form of email attack called business email compromise. Put simply, this email attack has been known to incorporate the use of impersonation to steal money from unsuspecting victims. As well as this, it also employs conversational techniques that are used to build trust between the attacker and their target. Unfortunately, this happens more often than we think, and is just as dangerous as the new method of sending COVID-19 phishing emails.

Recently, there are reports regarding various malicious COVID-19 information themed Android applications that allow attackers to access smartphone data or even encrypt devices. During the pandemic period there are more than 100k new COVID-19 web domains, which could be malicious.

Cybercriminals are taking advantage of the home networks as the security gaps are easily found in them. The corporate data which was hidden under encrypted and secured networks was now loose. However, the companies purchased new devices and laptops to keep the security quotient high, yet the radical outspread left the job incomplete.

Both businesses and employees play a critical role in securing their organization against cyberattacks. But, the current situation has disrupted the security chain.

What can businesses do?

Companies have improved responsibilities to clearly set expectations for managing security risk in the new normal situation by leveraging new technologies and policies. Here are a few suggestions for businesses.

Understanding the threats for the organization is the key ingredient for the treatment. The management should work along with the security teams in order to identify the risks. Also, make sure that protection of sensitive information and critical applications isn’t compromised.

Communicate clearly with the teams. The work from home policies should be clear and must have an easy-to-follow routine so that remote working remains secure. The said routine should include instructions and clearer relationships with internal security teams to keep a tight check.

Allow and give right security capabilities. Business managers should make sure all corporate devices are well-equipped with security capabilities. Here the few capabilities we are talking about:

  • An ability to safely connect users to the business-critical cloud along with on-premise applications, like video teleconferencing, time tracker etc.
  • Endpoint protection including VPN with encryption on all devices and laptops.
  • Ability for multi-factor authentication (MFA).
  • Ability to block malware and work on automated threat intelligence.
  • Ability to filter unsecure domain URLs and conduct DNS sinkholing to eradicate common phishing attacks.

What can employees do?

Employees must be empowered to bind with the guidelines provided by organizations subject to preventative measures.

Password management should be intelligent. All employees must use complex passwords as well as multi factor authentication.

Keep updated systems and software. Employees should always install updates and patches in regular intervals including mobile devices or any non-corporate devices used for work.

Secure Wi-Fi access points. Individuals should keep switching passwords and default settings to reduce the potential attack impact while connected with other devices.

Make use of the virtual private network (VPN). VPNs create trusted connections between organizations and employees to ensure ongoing access of the corporate tools. Along with that, corporate VPNs additionally protect against phishing emails and malware attacks similar to the firewalls function in the office. These AlwaysVPN reviews will help you and your employees find the best VPN for them to use.

By adopting these relatively easy and straightforward steps both enterprises and employees can help in common security risks. We should never forget that the threat is not static meaning it is important to be vigilant against unnecessary additional costs and distractions.

Infographic created by Donnelley Financial Solutions, an ESG data reporting company