10 Tips on how to protect a newly distributed workforce from cybercrime during the COVID-19 era
With so many people now working from home, executives must prioritize a process for enhancing cyber security under the “new normal.” For many countries, it appears the Covid-19 crisis will continue for the remainder of 2020 and into 2021. As such, companies need a sustainable long-term solution to build their cyber defenses.
Compounding this challenge, in the short time since the COVID-19 crisis reached global pandemic status, large numbers of malicious actors have attempted to benefit from it. Some of the most prominent scams directly capitalize on people’s interest in virus information. These include email phishing attempts that look like official statements on the virus and purport to come from organizations like the Centers for Disease Control (CDC), the World Health Organization, or national government health departments – including those in ASEAN – while in fact employing links or attachments containing malware designed to steal user and company data.
Disguised mobile apps such as CovidLock have also become common. CovidLock claimed to track the spread of the virus, but in fact locked phones unless a ransom was paid. The creation of similar apps in disguise escalated to the point that Google has now disabled searches relating to the virus in its Play Store. Coronavirus-related website names are 50% more likely to be malicious, such as those which track the virus on maps but also exploit browser mapping permissions to install malware and spy on users through their cameras and microphones.
The following are steps all companies can take to improve cyber security, even while employees are distributed away from the office.
1. Install business-caliber security software on all company computers and servers, and provide it for employees using their own devices. Ensure that this software is genuine, up-to-date, and active at all times. The software should allow remote erasure of sensitive data in case the device is lost or stolen. While malware may still be downloaded even with such software, as long as it is a known threat it will most likely be detected and quarantined immediately.
2. Conduct all company communications through a single platform designed for business security. While Zoom and Skype are common, their consumer versions are less secure than a business-grade program like Microsoft Teams.
3. Limit administrator permissions for those borrowing company devices to prevent installation of unapproved software.
4. Perform an audit of all company devices to ensure that software is fully licensed, legally acquired, and up to date. Unlicensed software is not automatically updated, so it often has security holes that have been patched out of current versions. Additionally, pirated software is sometimes bundled with malware or designed to lack essential security protections.
5. For company communications, use only software that employs end-to-end encryption. This ensures that your communications can only be decoded by yourself and the intended recipients, and messages are not stored in readable form on outside servers.
6. Invest in a business-caliber VPN to be used by all remote employees and require it to be activated before they can connect to the company network.
7. Regularly back up all company data to secure, encrypted servers.
8. Use multi-factor authorization to ensure that employees are who they say they are, rather than hijackers or thieves.
9. Use secure cloud storage for company files, so that employees never have to download email attachments.
10. Create an incident response (IR) team and put plans in place for potential crises such as malicious attacks and data breaches. Have the team practice and test the incident response plan via simulations or exercises. According to IBM, these are the first and third mitigating factors that decrease the cost of a security breach, for an average savings of $680,000.
If ASEAN businesses want to reverse the trend and protect themselves from malware, they will have to dramatically change their current practices. A new ebook from BSA | The Software Alliance can help. Download “Covid-19 and Cyber Threats in Southeast Asia” by clicking the link below.