The COVID-19 pandemic has been filled with a plethora of information and misinformation campaigns, and wherever there’s confusion and uncertainty, hackers and scammers are bound to thrive.
Additionally, with more people working from home due to COVID-related restrictions, new cybersecurity loopholes have emerged. These stem primarily from unsecured remote connections to workplace infrastructure.
Some of the most popular threats during the pandemic include:
- Face mask and sanitizer scams
- Email and SMS phishing
- Ransomware attacks
- Contact tracing scams
Here are some ways in which you can protect yourself and your organization from cyber-attacks during the pandemic:
The first step is of course to identify all the ways in which your working processes have changed. How many new devices are logging into work systems? Which new organizations are you collaborating with or receiving information from?
Once you have identified all possible sources of threats, especially mobile devices, you can compare their security levels to those exercised at your workplace prior to the pandemic.
Install Threat Defense Measures
If you have software (antivirus, anti-malware etc.) protecting work computers, ensure you obtain and install the equivalents on all mobile devices. If employees are using personal devices, you will likely need additional stipulations for how they can access data.
Defense goes beyond just installing protective software, so here are some other ways to boost your security and educate employees on how to do the same:
Revisit Browser Settings
Go to your browser and look for all add-ons/extensions/plug-ins. Disable or remove any that you do not need or use. Check your cookie settings to make sure you’re not voluntarily giving websites unnecessary access, and clear your cache regularly.
If you have any passwords and other login information saved by the browser, delete it and disable the save setting. In some cases, it is advisable to switch browsers completely and upgrade to a safer alternative.
Use Multi-Factor Authentication
For your email address and other accounts where 2-Factor authentication is supported, ensure that you enable it. This adds an extra step to access your account and can keep those who might obtain your username and password out.
You should also list all the devices you’ve used to log into accounts and delete those you no longer use, or whose security you can’t vouch for.
Register with Spam Filtering/Email Monitoring Services
While you may already have filters from your email provider in place, these may not be enough for new COVID-related phishing messages. Consider signing up for a spam filtering service where you can add multiple email addresses.
These services offer larger databases that are more regularly updated, so this makes them more likely to catch new suspicious emails.
Get A Password Manager
With a tool like this, you can keep all your account passwords secure in one place. On top of having a general password to access them, you can also add multi-factor authentication to it.
A password manager will also come in handy because you should constantly change passwords, and it allows you to safely keep track of them.
While these practices are suitable for personal devices, there are extra measures you can put in place for the larger organization’s network:
- Put in place a terminal services portal and restrict cut and paste actions.
- Create a whitelist for recognized IP addresses to access the portal. This helps you ensure that if a worker recklessly attempts to log in from a different unsecured IP address, they can’t get in.
- Use identity management technology to authenticate each connection. The best options include Azure AD and Active Directory.
- Give varied permission to different devices through conditional access policies. This can be based on device and location, employee position etc. It can also be for the more sensitive files.
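The IP whitelist and conditional access measures above can be combined into one decision per connection. The following is an added example, not part of the original article or any vendor's product; the network ranges, role names and the "limited" outcome for personal devices are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values: documentation-range networks standing in for
# the organization's recognized office/VPN addresses.
ALLOWED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "198.51.100.16/28")]
# Hypothetical roles permitted to open the more sensitive files.
SENSITIVE_ROLES = {"finance", "it-admin"}

@dataclass
class AccessRequest:
    user: str
    role: str
    source_ip: str
    device_managed: bool      # work device with the required protection installed
    mfa_passed: bool
    resource_sensitive: bool

def ip_allowed(source_ip: str) -> bool:
    """True only if the address parses and falls inside a recognized network."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False          # malformed address: fail closed
    return any(addr in net for net in ALLOWED_NETWORKS)

def evaluate(req: AccessRequest) -> tuple[str, str]:
    """Return (decision, reason). Any failed condition denies; no fallback to allow."""
    if not ip_allowed(req.source_ip):
        return "deny", "source IP not on whitelist"
    if not req.mfa_passed:
        return "deny", "multi-factor authentication not completed"
    if req.resource_sensitive:
        if not req.device_managed:
            return "deny", "sensitive resource requires a managed device"
        if req.role not in SENSITIVE_ROLES:
            return "deny", "role not permitted for sensitive resource"
    elif not req.device_managed:
        # Personal device: portal session only, e.g. with cut and paste restricted.
        return "limited", "personal device: restricted portal session"
    return "allow", "all conditions met"

if __name__ == "__main__":
    for r in (AccessRequest("ana", "finance", "203.0.113.25", True, True, True),
              AccessRequest("raj", "sales", "192.0.2.10", True, True, False),
              AccessRequest("lee", "sales", "198.51.100.20", False, True, False)):
        print(r.user, *evaluate(r))
```
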
Once you have secured the technology, you should proceed to teach workers how to use this software. This includes how to make updates where necessary and how to adjust settings that may need occasional changes.
Another important part of training is showing workers how to identify suspicious/false messages. Ensure that they are given access to information that can be used to verify sender identity.
Additionally, it is imperative that you establish procedures for important processes like moving funds to and from accounts. Make sure everyone is aware of the conditions under which they can make a transaction or send a document. Something as simple as forgetting to check a box can result in detrimental problems.
Are you wondering whether your employees’ personal devices are as secure as workplace devices? Let the experts at ASB Resources help you set new standards and get every device in your network up to par. Schedule a call with one of our experts today!