Stay secure to ensure business continuity
Niall Tuohy, Security Product Manager, Vodafone Ireland
COVID-19 is rapidly changing how we work and do business, and with companies across Europe, and the world, continually taking steps to ensure business continuity, whilst managing the health and safety of their people. However, as more employees are encouraged to work from home, the risks for a security breach multiply. Whether your business is a large bank or a small firm, security must be built into your COVID-19 continuity plans.
Phishing in the era of Coronavirus
Many people are relatively cyber aware today and understand that they should not open emails asking for sensitive information, insisting you act upon something immediately. However, reports from the FBI and other international security bodies show an increase in phishing attacks, as criminals seek to capitalise on the pandemic.
New scams or ‘scareware’ through email, text and social media are designed to exploit public fears about the virus and business fears about our new remote reality. According to the National Fraud Intelligence Bureau in the UK, victims lost over £800,000 to coronavirus scams in February. For example, scammers are offering information or statistics on coronavirus, deals on surgical masks or free VPN offers for businesses, but when you click on the link a malware, or malicious software, is installed allowing them to take control of your computer, log your keystrokes and access company and/or customer data. These phishing emails may look like they come from an internal address, but if it looks any way unusual, it is important that you contact the sender before opening the link. And be aware of free or limited offers from unknown parties and untrusted websites – if it’s too good to be true, it usually isn’t!
Secure home working – connect with confidence
Securing your devices is key to secure home working. For businesses who already have security built into devices, make sure your solutions are up-to-date and operating on the latest versions. At this time, you may want to add a feature so employees can clearly see when an email was sent from an external source. Company devices should have a VPN or virtual private network so employees can access company email and applications, without risk, preferably with a two-step authentication process. Businesses may also want to blacklist certain websites and install more robust device management software for an added layer of security in these uncertain times.
For people working from home, malicious attempts to gain entry to your WiFi are possible. To mitigate this, and as a best practice, you should always change your home WiFi password from the generic admin password provided to a personalised one. Another option is to ‘hot spot’, using the mobile data from your device, if it is secured through robust management software.
People may be working with a combination of personal and company devices as an interim step to ensuring business continuity. Without the security of a firewall or the ability of updating or enforcing the latest anti-virus, at a minimum, devices need to be using up-to-date anti-virus software. Solutions such as, Palo Alto Traps can be easily sent to an employees’ device and can provide an enhanced feature set. Traps replaces legacy antivirus and secures endpoints with a multi-method prevention approach that blocks malware and exploits, both known and unknown, before they compromise laptops and other devices.
Securing personal devices
Some companies are in a situation where employees need to use personal mobile devices for email and other tasks. If employees do not have a laptop, and are using a phone or tablet to access email, there are mobile device management tools available to help secure the device and push email profiles and applications directly to it. Employees should also be encouraged to change their password regularly on the device they are using, but enforced password change and time out options can also be activated through the mobile device management tool.
Back it up in the cloud
Most companies now work with cloud tools. If you are not using a cloud-based file sharing solution, the good news is Microsoft are currently offering their Teams solution for free. Also, in the last minute rush to work from home, many people may have downloaded company files directly to their laptops, but working off these files means they are not backed up in the cloud and are prone to ransomware attacks. Encourage employees to use your cloud solution remotely and deter them from using personal cloud storage solutions that are not secured by your company’s data protection protocols.
Industry is being responsive to the impact of COVID 19 in so many ways, with restaurants offering delivery services and supermarkets adopting innovative ways to ensure people can socially distance in-store. Cybercriminals are adopting new ways too and businesses must ensure data, devices and any endpoint that an employee is using are fully protected.
The team at Vodafone Ireland Business are on hand to offer guidance and support for any customers going remote.