The spread of COVID-19 has pushed many of our employees to working from home creating a gap in cybersecurity protection. Cybercriminals are exploiting COVID to target individuals working from home as a way to access their company’s data and assets.
How Cybercriminals Are Exploiting COVID
According to WeForum, COVID has led to the creation of more than 100,000 new COVID-19 web domains, many of which are malicious or suspicious.
Cybercriminals are taking advantage of our need for information when working remotely. These cyber-attacks are nothing new, but the shift to remote work environments is allowing the attackers to now focus more on the home work environment which historically is less secure.
- Cybercriminals are sending COVID themed phishing emails that claim to have official information on the virus in order to lure individuals to click on malicious links that downloads remote access tools onto their home devices.
- Cybercriminals are hacking into personal networks and attempting to steal data from open devices. Many users working from home have not applied the same level of security standards on their personal networks, in comparison to their corporate environment.
- Cybercriminals are targeting video conferencing as well. Applications like Zoom are being targeted. Attackers are joining calls, copying information, and sharing unsettling images to users.
How Do You Protect Your Remote Workforce
- Promote a company culture of cybersecurity:Business leaders should work with IT at ways to further protect the most sensitive and business critical information including, if needed, increasing the company’s security posture by adding additional security tools such as ongoing employee training. They also need to ensure that the C-suite and IT promote and support all employees practicing effective and possibly new cybersecurity policies and processes.
- Inform your employees:Periodic reminders of good password hygiene and being wary of phishing attacks will keep employees engaged and secure during these critical times. Once again ongoing cyber security training will help with this. We send out Tip Sheets as well.
- Add additional security tools: Additional security tools can harden your defense; automatically alerting and responding to suspicious behaviors to keep your organization secure. We recommend implementing DNS filtering and Managed Incident Response through a USA based security network operation center putting expert eyes on your network 24x7x365.
- Secure your conference calls:When hosting conference calls, make sure you can managed the access and your attendees. Your conference call vendor should have security recommendations that you can be easily applied. Use one-time meeting codes as opposed to regular meeting codes. Utilize waiting rooms so you can manage who is allowed in. Utilize passwords for meeting access.
For more information please contact Platte River Networks 303-255-1941 or david@platteriver.com