The COVID-19 coronavirus pandemic suddenly meant that working from home was the new normal for people in many parts of the world. Stay-at-home orders and widespread lockdowns often closed all but essential businesses, while authorities said companies had to set up remote workforces or temporarily close.
These changed circumstances caused increased internet network security risks, particularly due to the nature of a distributed workforce. Here are some strategies for IT professionals and businesses to keep in mind to reduce cybersecurity threats during COVID-19.
Phishing Emails Becoming More Widely Used
Cybercriminals love to capitalize on urgency to encourage victims to act. The massive scale and severity of the COVID-19 crisis put many people on edge, and malicious online entities use that to their advantage.
A study from Barracuda Networks identified a 667% spike in spear phishing attacks since the end of February. Scam attempts comprised 54% of the efforts, while brand impersonation attempts represented 34% of the identified instances. The researchers also confirmed that the culprits often make the phishing correspondences relate to COVID-19.
The aims of a phishing email range from obtaining someone’s credentials to convincing them to download malware. Network security professionals should remind workers of how they may be even more likely to receive a phishing email these days.
They should explain how reputable parties will never ask for their credentials. Also, discuss how workers should contact their employers by phone to verify the legitimacy of an email requesting immediate action.
Employees Should Practice Good Password Hygiene Wherever They Are
People logging into a workplace network from their offices may have network cybersecurity safeguards in place, such as a tool that forces them to change their passwords every month and always choose strong, hard-to-guess new ones. While at home, however, people may use personal devices to accomplish work tasks. Or, they may think there’s no need to abide by the same cybersecurity rules in their abodes.
If businesses have people working at home, they should remind them of the smart steps to take regarding passwords. For example, remote workers should not share passwords with each other, even if they believe doing so would help them get their duties done faster. They should never screenshot a document containing passwords or take similar actions that could increase the chances of an unauthorized person seeing the details.
Another practical step to stay safe online while working from home involves setting up multifactor authentication (MFA). Then, even if criminals get access to a password, they don’t have everything necessary to gain entry.
Teleconferencing will likely become a part of the daily schedules for many people working during COVID-19. They must take the time to set up passwords for each virtual meeting room and distribute the information to all attendees. An unwelcome party could otherwise enter the meeting room to create chaos or eavesdrop to learn confidential information.
Software Updates Are Crucial
A network security trend that gained prominence before now but remains true today relates to the use of Internet of Things (IoT) devices for business. Predictions expect there to be 26 times more IoT devices than people this year. Many companies are taking advantage of the conveniences of those devices, which is a good thing.
However, if they have people using IoT devices to access work-related content remotely, it’s essential that users keep those gadgets updated with the newest software. Companies may wish to distribute a guide with screenshots to teach people how to download the latest offerings for the devices they use while working.
Outdated software on a device can make it easier for a cybercriminal to break into the gadget and interfere with its functionality or steal stored information. A person who typically uses IoT devices at work is likely not in the habit of independently installing updates because they let IT staff members do it for them. However, they may now need to take more initiative regarding network cybersecurity, especially while working from home.
Identity and Access Management Can Boost Internet Network Security
Beyond instructing workers on how to secure the devices they use to access a workplace network and maintain the secrecy of their login credentials, network security professionals should investigate how they could tweak current identity and access management (IAM) strategies used at a business.
For example, a company could use hardware or software tokens to secure privileged accounts. Network security professionals should also verify IAM specifics to ensure a person can only see and use the workplace tools or resources directly relating to their roles.
The Evolving State of Network Security
The coronavirus pandemic forced people to adapt how they socialize, shop and more. Tightening network security during this time means changing in other ways by staying aware of emerging risks and responding accordingly.
Kayla Matthews writes about cybersecurity and technology for publications like Malwarebytes, Security Boulevard, InformationWeek and CloudTweaks. To read more from Kayla, visit her blog: ProductivityBytes.com.