Home office because of COVID-19: Don't forget cyber security!

The fact that more and more employees have to work from home is also attracting cybercriminals: IT security specialist Check Point says that domains linked to the term "coronavirus" carry a 50 percent higher risk of being malicious - just like the virus itself... This means that companies must quickly provide their employees with the right training and resources so that they can do their work away from the office, especially as hackers are quick to try to exploit carelessness, which is more likely to happen at home.

So the question becomes: what should employers and employees look for to ensure that working from a home office is just as safe as working in the company's own offices? Here are a few tips:

What employees should pay attention to in the home office

• Be on the lookout for phishing: Be careful when clicking on links that look suspicious in any way and download content only from reliable sources that can be verified. Remember that well-disguised phishing emails can make you a target for social engineering. So, if you receive an email with an unusual request, check the sender's details carefully to make sure you are communicating with colleagues and not criminals. So keep a critical eye on anything that pops up unexpectedly in your mailbox.
• Choose your device carefully: Many employees use their company computer or laptop for personal use, which can pose a security risk. The risk is even greater if you use your personal computer for work purposes. So if you must use a personal device for work, talk to your IT team about how you can strengthen security - for example, with a strong antivirus and security package.
• Beware of letting others listen in: Does your home office Wi-Fi network have a strong password or is it open? Make sure it's protected from anyone within range who can access and connect to the network. The same goes for working in a coffee shop or hotel - be careful when connecting to public wireless networks. Unsecured networks make it easier for cybercriminals to access email and passwords.

Important points for employers

• Do not trust anyone: Your entire remote access plan must be built on the principle of "zero trust". That means everything must be verified and nothing must be assumed. Make sure you understand who has access to what information - segment your users and make sure you have them working with multi-factor authentication. Also, now is the ideal time to retrain your teams so they understand why security is so important when they can access information remotely.
• Pay attention to each endpoint: Typically, you have people working at desks in the office. Assuming that your devices are not taken home, you now have a number of unknown devices that need access to your corporate data. You need to think ahead about how to deal with the threats posed by data leaks and attacks that spread from these private devices into your network. And you need to ensure that the devices as a whole have adequate security measures in place.
• Test your infrastructure under stress: To integrate secure remote access tools into your workflows, a VPN or SDP is critical. This infrastructure must be robust and should be stress tested to ensure it can handle a large volume of data when your employees are working from home.
• Define your data: Take the time to identify, specify and tag your sensitive data. Based on that, prepare policies that ensure only the appropriate people can access it. Don't make assumptions about past data management and take a granular approach that suits you best once remote access is fully enabled. After all, no one wants to inadvertently give the entire organization access to, say, HR.
• Segment your workforce: Conduct an audit of your current policies regarding access and sharing of different types of data. Re-evaluate both company policy and your segmentation of teams within your organization to ensure you have different levels of access that correlate with different levels of data sensitivity.

Source and further information: Check Point