Cyber criminals thrive in a crisis. But IT superheroes across the world are suiting up to keep teams safe from digital lurkers and malware.
Most companies have very quickly transitioned to a work from home (WFH) model for their staff. And this swift move could potentially create scenarios where important security measures may have been overlooked. As an IT managed services and security firm, our goal is to keep staff safe and productive. We understand that it’s inevitable that a few security safeguards may still be unchecked. Cybercriminals are banking on this oversight and have modified their efforts and focus to exploit the new remote work environment.
Some deceitfully creative scenarios we’ve seen during the coronavirus pandemic:
- Sending fraudulent invoices purporting to be from legitimate vendors, with altered wiring instructions that send the money to the hacker’s account.
- Luring victims with malicious documents, claiming to be important information sent from the World Health Organization.
- Pretending to represent the U.S. Small Business Administration (SBA), reaching out to help with loan applications (in an attempt to get access to private financial information).
Common cybercrime tactics to look out for:
- Free COVID-19 tracking and reporting apps. These are often malware. Do not load any apps unless directed by your employer.
- Computer-based COVID-19 health assessment apps. There are apps suggesting they can use your phone/watch to monitor your temperature and critical vitals and pre-alert you to any concern of being ill. Do not use these apps, and please only get medical advice from qualified practitioners.
- Urgent emails that appear to come from a coworker or boss, asking for help procuring gift cards, providing access to another user, etc.
- Calls from “the IT department” offering to help reconnect your PC from home. Before clicking or replying to any unfamiliar-looking emails purporting to be from your IT department, follow up with your IT department in a separate email to confirm legitimacy.
The list of trickery goes on. And we can’t stand to see people taken advantage of, especially when they’re vulnerable.
Here are some key steps you can take to amplify your IT security and protect yourself from these cyberattacks:
For laptop users:
- Your Virtual Private Network (VPN) should not use split tunneling. Yes, this does impact company bandwidth, but the added protection is worth it.
- Do not use public Wi-Fi without a VPN. On a public Wi-Fi hotspot, other people can read your data. A VPN encrypts your traffic so that it is unreadable to them.
- Implement Always On Virtual Private Network (VPN) to ensure consistent, secure access to ONLY company resources. Always On VPN provides a seamless, transparent, and always-on user experience. A VPN connection is established automatically when an authorized employee has an active Internet connection. Remote users access on-premises data and applications in the same way as if they were at the workplace.
- Do not allow admin rights, especially on laptops. Giving users admin rights allows them to change system settings, which could affect your compliance with regulatory standards (and put your security at risk).
- Ensure drive encryption is enabled, current, and reporting in. This is always a good thing to do, preventing any unauthorized access.
- Ensure all updates and AntiVirus (AV) are current and reportable. Software updates are vital, because they often include critical patches to holes in security. A current AntiVirus is obvious, given the topic. Finally, make sure these items are reportable, so the IT team can identify any threats.
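The laptop checklist above can be verified per machine rather than assumed. The following PowerShell audit is an added example, not part of the original article; it assumes the built-in Windows VPN client, BitLocker and Microsoft Defender, and the 7-day and 30-day thresholds are illustrative assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: audit one Windows laptop against the checklist above.
# Assumes the built-in Windows VPN client, BitLocker and Microsoft Defender.
# The 7-day and 30-day thresholds are assumptions, not values from the article.
$maxSigAgeDays   = 7
$maxPatchAgeDays = 30
$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding($Check, $Pass, $Detail) {
    $findings.Add([pscustomobject]@{
        Computer = $env:COMPUTERNAME; Check = $Check; Pass = [bool]$Pass; Detail = "$Detail"
    })
}

# 1. No VPN profile may have split tunneling enabled.
$vpns  = @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue) +
         @(Get-VpnConnection -ErrorAction SilentlyContinue)
$split = @($vpns | Where-Object SplitTunneling)
Add-Finding 'VPN split tunneling off' ($split.Count -eq 0) ($split.Name -join ', ')

# 2. Only the built-in Administrator (RID 500) should be a local admin.
#    Expected IT groups will also show up here and need allow-listing.
try {
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
                Where-Object { $_.SID.Value -notmatch '-500$' })
    Add-Finding 'No extra local admins' ($admins.Count -eq 0) ($admins.Name -join ', ')
} catch {
    Add-Finding 'No extra local admins' $false "Could not enumerate: $_"
}

# 3. OS drive is encrypted and protection is active (not suspended).
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
Add-Finding 'Drive encryption on' ($os.ProtectionStatus -eq 'On') `
    "$($os.VolumeStatus), $($os.EncryptionPercentage)% encrypted"

# 4. Antivirus is running with recent signatures.
$mp = Get-MpComputerStatus
$avOk = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and
        ($mp.AntivirusSignatureAge -le $maxSigAgeDays)
Add-Finding 'AV enabled and current' $avOk "Signatures $($mp.AntivirusSignatureAge) day(s) old"

# 5. An OS update was installed within the patch window.
$last = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn | Select-Object -Last 1
$age  = if ($last) { ((Get-Date) - $last.InstalledOn).Days } else { $null }
Add-Finding 'Recent OS update' (($null -ne $age) -and ($age -le $maxPatchAgeDays)) `
    "Last hotfix $($last.HotFixID), $age day(s) ago"

# "Reportable": emit JSON that a management agent can collect centrally.
$findings | ConvertTo-Json
```

Third-party VPN or antivirus products are not visible to these cmdlets and need their own vendor checks.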
For Non-Laptop/VPN users:
- Do not allow VPN from any non-corporate owned machine. Ever. In the case of a lockdown, employee home computers would be inaccessible.
- Implement Citrix with Multi-Factor Authentication (MFA). This has become the single most effective control to insulate an organization against remote attacks.
What can you do today?
- Implement Multi-Factor Authentication for all Virtual Private Network (VPN), Citrix, and Webmail connections. This provides additional security by adding protection in layers. The more layers you build into the sign-in process, the lower the risk of an intruder gaining access to critical systems.
- Consider leveraging Office 365 MyApps portal and Single Sign-On (SSO) to any system that supports Security Assertion Markup Language (SAML) 2.0. Most organizations already know the identity of users because they are logged in to their Active Directory domain or intranet. It makes sense to use this information to log users in to other applications, such as web-based applications. It also helps prevent the use of weak passwords.
- Implement the Crisis Communications App. The solution combines capabilities of your existing Microsoft Office 365 investment and can be used on the web, mobile or in Microsoft Teams. It provides employees a user-friendly experience to stay connected during a crisis and ensures the right information is broadcast efficiently through a secure channel, regardless of location.
If you’re not a technical person, it’s ok. Your IT team will understand how to ensure these measures are implemented and secured. But if you have any questions about our recommendations or need general advice around securing your environment and remote workforce, we’re here, standing by, ready to help. Feel free to reach out.
Consider us your managed services and security superheroes. We won’t let cyber criminals get you. Not on our watch.