As the current pandemic crisis has scaled across the globe, the majority of organizations have resorted to working remotely. This opens up an organization to potential cyber threats, as there is a lack of control over employee devices and the digital environment. Cybercriminals are using the novel COVID-19 issue as a base for their attacks, which include spreading malware through files containing information about Coronavirus, fake news and even scams related to masks or cures. Remote employees should be made well aware of such threats and how to be digitally safe.
Please find below the best practices for employees working remotely.
- If a VPN is used to connect remotely from a work laptop, ensure that you use strong passwords with 2FA.
- If you notice that your work machine is slow or experiencing glitches, notify IT immediately.
- If work devices are being used, ensure family members or guests do not have access to these machines.
- If you receive an email, verify that the sender is legitimate / trusted and that the email is not misspelled.
- If you receive a suspicious email from an unknown source, report it to the IT team immediately.
- If you notice that a genuine sender sounds suspicious, i.e. suggests a sudden change in bank / invoicing details, immediately escalate to IT. Do not engage further with the sender.
- If you are authorizing transactions, confirming payments or engaging in monetary discussions, ensure that the counterparty is known/verified. These confirmations should be made by phone, using genuine numbers.
- If you receive a social media connection request, verify the legitimacy of the account. Delete, if unknown.
- Do not disclose any of your activities or work-related matters on social media.
- Prevailing remote meeting tools (e.g. Zoom) are known to have privacy issues and may push some data to third parties.
- Ensure that every meeting is secured with a strong password.
- Disable the option of file transfer in such remote meetings, when not required.
- It is strongly recommended to avoid using personal devices. On such devices, the level of risk is exponentially higher and there are more chances your machine may be compromised.
- If personal devices are used for work-related purposes, apply isolation and compartmentalization. This can be done via dual boot, sandbox and virtualization.
- Employees should avoid logging into their corporate emails from personal devices. If these devices must be used, ensure that they are protected with antivirus software, defenders, firewalls etc. Also, consider using a spyware scanner (e.g. https://privacy.net/free-spyware-removal-tools/) as a one-time exercise.
- Secure your home Wi-Fi network.
- If your personal devices experience a lag or behave suspiciously, immediately stop using them for corporate work.