You’re not alone in working from home during this COVID-19 pandemic – scammers, hackers and phishers are beavering away, searching for vulnerabilities to exploit within your IT networks and processes. The stark reality is that many thousands may have lost their jobs amid the current health crisis, but for cybercriminals it’s just another huge, unexpected opportunity for profit. Washing your hands or applying sanitiser is no protection against organised crime.
The first way to protect your home and business IT is to recognise the increased vulnerability introduced by so many people working from home. The number of access points to any given network has increased dramatically. In many instances those home-based access points will not be as secure as a locked-down and secured onsite business network.
Stay informed about the likely ways that attacks are launched. The huge surge in the number of websites registered this year which reference COVID-19 or CORONAVIRUS should set alarm bells ringing. Some will be legitimate. Many are not. All should be treated with a healthy amount of suspicion and caution.
Illegitimate websites, often appearing to represent genuine government or health organisations e.g. WHO or myGOV, try to harvest personal details – names, addresses, dob, usernames, passwords and other identifying information. Information that can be used to access email and social media accounts, or worse – bank accounts.
Fake emails or text messages (SMS) may contain links to equally fake websites, or to downloads containing trojans, viruses infecting computers within the network, or some variant of ransomware that locks individual machines or networks making them unusable.
Protecting your business requires multi-layered security – no single procedure or action provides the required level of protection in every circumstance.
Employees, whether in the office or working from home, are any organisation’s biggest vulnerability and most likely cause of infection. Keep everyone updated with the current heightened risk status and provide examples of suspicious emails, text messages and websites – let them see what to look for and beware of.
Handling Procedures for dealing with suspicious emails/files/websites
Develop and deploy specific procedures to be followed when dealing with suspicious files, emails or websites.
Antivirus and Anti-spam Software
Keep antivirus and anti-spam software updated for best protection from virus threats. IT Security organisations are working fast to nullify each new threat as it emerges.
MFA – multi-factor authentication – a two-key method of accessing accounts, such as:
- Software Push Notification– after entering a password, user receives notification, via an App on their smartphone, advising of login attempt. User elects to deny or approve the request.
- Authenticator App – entering password causes a single-use, short-life code generated on Microsoft Authenticator, Google Authenticator or similar, to be sent to or accessed from user’s smartphone. User must enter that code within a specified time limit in order to gain access.
Businesses can help protect their systems from unauthorised access by enforcing MFA by all users.
System and Data backups
Regular backups of the system and data, as per The IT Agency’s Backup Best Practice procedures (applicable to on-premise server backups; Cloud backups are handled differently), the 3-2-1-1-0 rule:
- Maintain at least 3copies of business data
- Store critical business data on at least 2different types of storage media
- Keep 1copy of backups in an off-site location
- To counter ransomware, add an extra 1to the rule – one backup media is offline
- Ensure all recoverability solutions have 0errors
The IT Agency remains dedicated to keeping your business connected, protected and productive throughout the Coronavirus emergency. If you’d like help with any aspect of work from home and the security implications, contact The IT Agency on (02) 8317 4730.