Coronavirus, Self-Isolation and Work From Home Security
March 20, 2020
As governments across the world struggle to contain the COVID-19 virus, businesses are being asked to allow their employees to work from home. For many people this will be the first time they have ever been able to work remotely – which could cause some serious IT security headaches for their employers.
Cyber criminals are aware of the rush – and the potential for mistakes that could let them break in. Which means you have a part to play in protecting your employer. Here’s a few tips to get you started.
Email malware is set to increase
Email is already essential for business communications. For many remote workers it will become the primary way by which they share information with colleagues.
In the coming weeks you should expect to see an uptick in fraudulent emails. Many will have malware attached, waiting to infect your computer. Some will be subtle phishing messages, designed to steal your passwords and other sensitive information.
Malware is particularly dangerous for home workers as most people will be using their own (personal) computers. These machines will not have the same security safeguards as the one they use in the office, making them less secure. If your home PC is compromised, hackers can use them to attack your company network from the inside.
You can do your part to prevent malware problems by learning to spot the signs of a fraudulent email. You should also ensure that you have an effective anti-virus installed on your computer – talk to us about sufficient protection today.
Social engineering attacks
Because the rush to adopt remote working has been so rushed, many employees will not have been properly trained in the usual protocols and procedures that protect the business. This makes them more vulnerable to social engineering attacks.
Social engineering is very low-tech – and very effective. Typically a scammer will make contact by phone or email, pretending to be a colleague, like an IT helpdesk operator. They will then ask for sensitive information, like login credentials which allow them to break into the company network.
You should always take a moment to think whenever someone asks you for sensitive information. No matter how much the caller tries to pressure you, if you are in any doubt, do not give them the details. Your employer would rather you play it safe and create a delay than give cyber criminals easy access to company resources.
Take it slow
Getting used to remote working may take a little longer than expected. You are effectively on your own, doing many of the IT security tasks that are normally handled by the IT department. In these unusual circumstances it will take you a while to achieve maximum productivity.
Cyber criminals are aware of the rush – and the potential for mistakes that could let them break in. Which means you have a part to play in protecting your employer. Here’s a few tips to get you started.
Email malware is set to increase
Email is already essential for business communications. For many remote workers it will become the primary way by which they share information with colleagues.
In the coming weeks you should expect to see an uptick in fraudulent emails. Many will have malware attached, waiting to infect your computer. Some will be subtle phishing messages, designed to steal your passwords and other sensitive information.
Malware is particularly dangerous for home workers as most people will be using their own (personal) computers. These machines will not have the same security safeguards as the one they use in the office, making them less secure. If your home PC is compromised, hackers can use them to attack your company network from the inside.
You can do your part to prevent malware problems by learning to spot the signs of a fraudulent email. You should also ensure that you have an effective anti-virus installed on your computer – talk to us about sufficient protection today.
Social engineering attacks
Because the rush to adopt remote working has been so rushed, many employees will not have been properly trained in the usual protocols and procedures that protect the business. This makes them more vulnerable to social engineering attacks.
Social engineering is very low-tech – and very effective. Typically a scammer will make contact by phone or email, pretending to be a colleague, like an IT helpdesk operator. They will then ask for sensitive information, like login credentials which allow them to break into the company network.
You should always take a moment to think whenever someone asks you for sensitive information. No matter how much the caller tries to pressure you, if you are in any doubt, do not give them the details. Your employer would rather you play it safe and create a delay than give cyber criminals easy access to company resources.
Take it slow
Getting used to remote working may take a little longer than expected. You are effectively on your own, doing many of the IT security tasks that are normally handled by the IT department. In these unusual circumstances it will take you a while to achieve maximum productivity.
In the meantime you must ensure that you are working as safely as possible. If you have any questions on keeping yourself cyber secure while working from home, get in touch with us today, we'll be happy to help.
Keep an eye on the JC Cyber Security blog for more tips and tricks in the coming weeks. We are in unprecedented times, but by working together - we can get through this! Remeber to stay safe both physically and digitally.
Follow Us
Be the first to know
You might also like
DevOps is a popular practice, especially among large organizations. However, while it comes with numerous benefits, it presents numerous risks as well. One notable challenge is the increased velocity of deployment, which often complicates how developers implement and ensure application security throughout the development and deployment process. DevOps is a popular practice, especially among large organizations. However, while it comes with numerous benefits, it presents numerous risks as well. One notable challenge is the increased velocity of deployment, which often complicates how developers implement and ensure application security throughout the development and deployment process. According to a recent survey, almost 80% of CIOs expressed concerns about the difficulty of discerning trusted elements from untrusted ones within DevOps environments. In particular, the pressure to deliver services at a faster pace sometimes prompts DevOps teams to take security shortcuts, resulting in potentially costly repercussions. These include data breaches, application downtime, and compliance violations. So, how can you strike a balance between the demand for agile DevOps practices and the need to maintain robust security measures?
Testing applications for security flaws during production is a vital process of the development lifecycle, and this is where Dynamic Application Security Testing (DAST) comes in. DAST is a security testing approach in application security (AppSec), in which testers assess an application in real-time, while it’s actively running. This process can be conducted even without testers knowing the application’s internal interactions or system-level designs. Applications fuel the engine of the world’s economy, but enterprises can encounter substantial hurdles when striving to retain a competitive advantage in a rapidly changing digital landscape. Businesses must continuously pursue inventive solutions, even as they contend with sophisticated adversaries looking to exploit opportunities to disrupt operations, compromise vital information, and inflict harm. According to recent research, approximately 17% of cyberattacks aim to exploit vulnerable web applications. Yet, 98% of web applications are susceptible to attacks that can lead to malware infection or redirect users to malicious websites. All the while, 72% of these vulnerabilities result from coding errors. Testing applications for security flaws during production is a vital process of the development lifecycle, and this is where Dynamic Application Security Testing (DAST) comes in. DAST is a security testing approach in application security (AppSec), in which testers assess an application in real-time, while it’s actively running. This process can be conducted even without testers knowing the application’s internal interactions or system-level designs. This is because DAST tools operate without access to the application’s source code. Instead, they emulate genuine attacks, akin to those carried out by real hackers, to identify security weaknesses. This “black box” testing method examines the application from an external perspective, scrutinises its runtime behaviour, and observes how it reacts to simulated attacks. These simulations help evaluate whether the application exhibits vulnerabilities and if it is potentially susceptible to malicious attacks.
In this blog post we look back at the origin of the term “hacking”, as well as how activities that might be described as hacking have existed throughout history, even prior to the advent of computer systems – and what if anything these can teach us today. Hacking is attacking and breaking into computer systems illegally… isn’t it? The meaning of the term “hacking” has in fact changed substantially over time, morphing from describing essentially benign (or at worst mildly disruptive) activities into its modern attribution to largely criminal and illegal activities. What’s more, in its original usage, “hacking” doesn’t necessarily even need to involve computer systems at all. In this blog post we look back at the origin of the term “hacking”, as well as how activities that might be described as hacking have existed throughout history, even prior to the advent of computer systems – and what if anything these can teach us today.