Guiding Employees to Secure Digital Practices in the age of COVID-19

Cybercrime – including malware, phishing, and network hacking – is rampant in today’s always-online world, and businesses are increasingly targeted over individuals. The COVID-19 crisis has amplified these trends, with cybercriminals taking advantage of changes in business structures that can create vulnerabilities. Therefore, it is vital for business owners to ensure their employees know how these attacks are conducted, exactly what measures to take to defend against them, and the consequences if they fail to do so. Businesses must regularly communicate with their employees regarding potential malicious attacks, conduct training on secure device operation, and create documentation for employees to use software safely and securely, especially for new procedures related to working from home.

Safety measures for employees

1. Do not click on links, open attachments, or respond to unsolicited emails or those from unfamiliar senders, and turn off the email option to automatically download attachments.

2. Do not insert a USB drive or SD card into your device unless you know its exact origin.

3. Read messages and check the addresses carefully, even if they seem familiar. Clever impersonators may use an address that is just one letter different.

4. Avoid visiting unfamiliar websites, especially on company devices. If you don’t know the site, search for it rather than following a direct link.

5. Do not reveal personal or company financial information by email.

6. For any email that requests payment or important documents, contact the sender through other means to double-check that they sent it.

7. Check for COVID-19 information from news sites and official government sources rather than via email.

Blocking Zoom Bombing

The move to working at home has seen a rise in “bombing” of video meetings by internet trolls. These uninvited invaders seek out unsecured video conference rooms using consumer apps such as Zoom, and enter them to expose the users to obscene language or videos. The same technique can also allow unauthorized persons to share malware in chat or simply listen in and discover confidential business information. Here are some tips to stop them:

1. Protect your video conferences with passwords or access codes and change them regularly. One-time codes may even be necessary for particularly sensitive meetings.

2. Turn on notifications for all attendees who join the meetings.

3. Turn off screen-sharing privileges for those who do not need them.

4. Create a specific chat room or waiting room for the host to approve before the meeting begins, and lock the meeting once all participants are in.

5. Request that participants outside your organization join your secured meeting using software with end-to-end encryption.

6. Use business-grade software. Microsoft Teams, for instance, has many security options enabled by default, encrypts all communications, and does not allow new participants after a meeting has begun.

If ASEAN businesses want to reverse the trend and protect themselves from malware, they will have to dramatically change their current practices. A new ebook from BSA | The Software Alliance can help. Download “Covid-19 and Cyber Threats in Southeast Asia” below