By Martin Royal
While taking care of our health and safety during the COVID-19 crisis is the priority, many will find themselves working remotely for the first time and might face other potential threats: cybersecurity threats.
Cybersecurity threats aren't breaking news to those of you who are used to work remotely, on-the-road and in public areas. However, the firm McAfee has already identified and reviewed multiple reports that suggest the COVID-19 crisis is being used as a bait with criminal intent, whether it is through phishing, email scams, misleading web domains, malware, etc. For cybercriminals, this crisis can be an opportunity to tap into a large number of individuals who find themselves working remotely on potentially unsecured devices and who may not be familiar with safe cybersecurity practices.
McAfee - Staying Safe while Working Remotely
What can you do to prevent cybersecurity frauds?
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has highlighted simple precautions for individuals to follow:
• Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink.
• Be mindful of social media pleas, texts, or calls related to COVID-19.
• Avoid clicking on links in unsolicited emails and be wary of email attachments.
• Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
• Verify a charity’s authenticity before making donations.
CISA - Defending against COVID-19 Cyber Scams
What does this mean if you're a business leader?
While you may have an IT policy and provide guidance on cybersecurity and privacy within your organization, your employees may be unaware of the expectations for working remotely. Here are simple steps to get you started:
• If you haven't done so yet, raise the awareness of cybersecurity threats with your employees who are now working remotely.
• Identify a couple of cybersecurity themes (start with the above precautions mentioned) and use them as discussion topics in some of your daily huddles.
• Create a cybersecurity guidance policy to highlight the cybersecurity risks your remote employees are exposed to and the different strategies they can implement to mitigate those risks.
• Review your organization's cybersecurity practices and systems for remote working to ensure they meet acceptable standards for your particular cybersecurity needs.
The SANS Institute provides lots of advice and information to help organizations understand their cybersecurity risks and best practices. You can access their Security Awareness Work-from-Home Deployment Kit to help you quickly put together a cybersecurity guidance policy.
SANS Security Awareness Work-from-Home Deployment Kit