The spread of COVID-19 has changed the IT process for many organisations, the main change being employees working from home at a much larger scale than ever before. The move from a trusted organisation IT environment to working remotely via home or public networks can create security risks that were not previously top of mind.
Phishing and malware attacks using COVID-19 in subject lines and content have increased significantly, with attackers taking full advantage of the fear and public interest surrounding this pandemic. These nefarious individuals are using various tactics to compromise user credentials, payment information and other data that can be monetized.
Below are some tips to help users stay safe when connecting online from home:
- Make sure your home Wi-Fi connection is secure by using WPA2 encryption, which is recommended for home networks. While most Wi-Fi is correctly secured using WPA2, some older installations or equipment may not be — i.e., using WEP encryption, allowing someone with basic hacking tools to access your network.
- Be careful when opening and clicking links to emails about COVID-19. You can hover over hyperlinks in emails to verify they are going to the anticipated site. If you are unsure of the sender, treat this as a phishing attempt. Notify your IT helpdesk immediately.
- If you are accessing company confidential data remotely via cloud storage (for example, Dropbox, BOX or One Drive), make sure that you follow your company’s procedure in accessing data.
- Ensure that you are following your organisation’s backup strategy by saving important files on the locations covered by your IT backup policy. Important files should be backed up regularly. In a worst-case scenario, if you become a victim of ransomware, your data can be retrieved from backup storage.
- Make sure you are using a secure connection to your work environment via a virtual private network (VPN). A VPN provides increased security by encrypting the line of communication between your device and your work network.
- Check to see if you have encryption tools installed. Encryption helps prevent unauthorized access to the data on devices. Data is encoded in a manner that makes it difficult for unauthorized people to decipher. This can be especially important in case of a lost or stolen device, as it helps prevent strangers from accessing your data without the encryption key.
- Use strong password protection and authentication. Strong passwords contain at least eight characters and include numbers, symbols, and capital and lowercase letters. Changing passwords on a regular basis is also important.
- If your company offers the use of multi-factor authentication (MFA), take advantage of the technology, as this grants an additional layer of protection.
Unfortunately, remote user security from home does not come down to following one set of guidelines. Protections can vary from situation to situation, and using your best judgement becomes crucial. By becoming more aware of where and when to access company data, and how to do so safely, you can help ensure that sensitive company information is always protected.
This article was written by Armanino LLP, an independent firm associated with the Moore Global Network. © 2020. All rights reserved. Used with permission.