The COVID-19 crisis represents the perfect storm for malicious cyber attackers, who are actively intensifying their attacks against individuals and organization worldwide.
With millions of companies having their employees work from home, remote workers become vulnerable targets for hackers aiming to access company networks.
These incidents are likely to increase in frequency and severity over the coming weeks and months.
This is why it’s important for companies and individuals to be aware of the most common risks and cyber threats linked to remote work, and put in place routine cyber-hygiene practices to strengthen the security of your company.
What is it? A type of online scam used by cyber-attackers to steal confidential information, such as passwords, personal data or bank information.
Mode of action: Hackers disguise themselves as a trustworthy entity to send their messages, which can be delivered by emails, SMS, chats, social media or other digital communication mean.
Potential risks: Hack of professional accounts, intrusion into company networks, ransomware, fraud, etc.
What is it? A type of malicious software designed to block access to a computer system or computer files until a sum of money is paid. This type of attack is often followed by data theft and destruction of backups.
Mode of Action: The attacks often spread through phishing emails containing malicious attachments, or through drive-by downloading amongst other ways.
Potential risks: Business downtime, data loss, etc.
What is it? The act of breaking into a corporate network or external hosting system to steal digital information with the intent to compromise privacy, reselling confidential data or damaging a company’s image.
Mode of action: As with ransomware, these attacks often happen through intrusion into a company network or hosting systems via remote access, or even by compromising an employee’s equipment.
Potential risks: Business activity disruption and damage to the company’s image.
What is it? A type of fraud where a cyber attacker usurps an identity with malicious intentions, such as requesting a money transfer (exceptionally and confidentially), or a change in the payment details of an invoice or salary.
Mode of action: Hackers usually usurp the identity of a manager, a service provider or even an employee, and use telephone or email as communication means.
Potential risks: Financial loss for the company or organization.
Beware of these kinds of cyber threats and alert your company supervisor or IT team if you notice any abnormal activity, or fear your equipment has been compromised.
When working from home, it is important to ensure you protect your company and yourself from potential cyberattacks.
Check out these 10 tips, which can help you contribute as much as possible to the security of your company.
Separate your personal and professional life – if possible, by using different devices. If you have a corporate device, use it for business tasks only.
Likewise, your personal equipment should be used for your personal life – so no mixing business with personal.
Your company has created security guidelines to protect and avoid potential risks.
And we all know risks can be found anywhere, so this should apply also when working on remote.
If for some reason you cannot comply with a given rule or policy, let your company know as soon as possible, so you work out a suitable solution together.
Here we are talking about security updates. These are proposed to fix potential security bugs that could be used by hackers to attack you and your company.
Make sure your connected devices are always up-to-date.
Make sure your equipment has an antivirus installed and that this is up-to-date.
Then conduct regular scans to reveal potential threats.
If any device cannot have a security antivirus installed, avoid using it to access your corporate network.
Most attacks are due to weak or repeated passwords.
When choosing a password, make sure this one is long and complex enough not to be easily figured out.
Also, use different passwords for each equipment and services you use – especially for your personal and professional devices!
If unprotected, your home WiFi could also serve as an entry door for hackers to infiltrate your network.
By securing it with a strong password and using WPA2 encryption, you can help protect your internet environment.
Your supervisor emails you requesting to make an immediate bank transfer to a new provider, whose bank details are included. What do you do?
This email could be fully legitimate, but could also be phishing.
If you receive an unexpected or panicky message, double-check the legitimacy of the message, if possible through a different communication mean.
Applications and programs downloaded from the internet can contain malware.
To mitigate the risks, use official stores to download applications (like Apple AppStore or Google Play) and avoid fraudulent or suspicious websites (like streaming ones).
If you use a corporate device, check with your IT team before installing anything on your equipment.
Find out more tips and information on:
Source: Recommandations de sécurité informatique pour le télétravail en situation de crise. DOP 23 March 2020. Cybermalveillance.gouv.fr (https://www.cybermalveillance.gouv.fr/tous-nos-contenus/actualites/recommandations-securite-informatique-teletravail) [Last accessed: 31 March 2020).
Icons made by Freepik from www.flaticon.com
Download the Boundless Security leaflet to learn more.