Rising remote work due to COVID-19 outbreak is posing security challenges for companies
Earlier this month, World Health Organization (WHO) declared the widely spread Coronavirus to be a pandemic. This viral disease is spread across more than 114 countries and has reported 157,645 cases and 5,845 deaths as of today.
Due to this Outbreak, organizations across the world are concerned about their employees and to stop the virus from spreading they’re sending them home to work remotely.
Where the concept of remote working isn’t new and has been already adopted by some modern organizations, the scare of this coronavirus in organizations is making cybercriminals more active and ramping up with their tactics to take advantage of those who have inadequate or naive security postures implemented.
Here are some of the most recent cyberattacks/campaigns leveraged by cybercriminals to target organizations and their employees:
- Coronavirus-themed domains 50% more likely to be malicious than other domains
- Threat Actors Capitalize on Global Concern About Coronavirus in New Phishing Campaigns
- Vicious Panda: The COVID Campaign using RAT
- Kaspersky has discovered malicious files disguised as multimedia documents related to the coronavirus.
- Kr00k Vulnerability Allows Wi-Fi Packet Decryption
As you can see above, attackers can use many other different techniques to bring down organizations on their knees.
Lack of IT resources can cause organizations trouble as they move to enable remote working strategies. When employees are sent outside the traditional network perimeter, managing device sprawl, and patching and securing hundreds or endpoints, securing employee access becomes a major challenge.
We have listed some best practices for organizations and employees who are working remotely:
- Organizations should first identify their mission-critical business applications and inventory them in one place. Then, conduct a remote-work exercise with their key executives to find out security gaps and document it for further use.
- If they are using SaaS applications, follow up with the subscription service providers and inquire about their business continuity plans.
- For on-premises applications that require VPN connectivity, test and validate that VPN connectivity utilization is higher than usual.
- Maintain company-issued laptops centralized to monitor malicious activities and avoid data breaches.
- Roll out new VoIP and increase web conferencing services licenses.
- Use zero-trust security model that further embraces cloud services and enables employees to work from anywhere securely and efficiently.
- Deploy a software-defined perimeter around your organization’s network, and IPsec tunneling for encrypted remote access.
- Implement automatic Wi-Fi security with VPNs and guide employees with the best practices for connecting their devices to public Wi-Fi areas.
- And finally, educate employees with the latest information on Coronavirus (COVID-19) and also guide them on how to stay secure from these threat actors while working from home.