The Risks of a Remote Workforce
COVID-19 drove a rapid and unexpectedly broad disruption to businesses around the world, leaving organizations struggling to maintain security and business continuity. The sudden proliferation of remote workforces forced adaptation on the go. Organizations underwent overnight transformations, ensuring critical business functions remained operational and customers stayed satisfied and unimpacted, all in the face of a dramatic increase in their attack surface.
Increased Susceptibility to Phishing Attacks
At the peak, over a dozen phishing emails circulated, with the pandemic as the main theme, impersonating the DHS and the WHO to actively redirect victims to a malware download address. Threat actors took advantage of stolen personal data to stealthily monetize personal information extracted from unknowing users’ machines.
Put your employees and security operations on guard.
Threat Actors Exploit Opportunities
Cybercriminals continue to capitalize on the global population’s hunger for information on how the virus affects people’s daily lives. Hackers have hijacked routers to spread coronavirus-themed malicious applications, disseminate malware, and conduct large-scale phishing campaigns. Combined with a remote workforce that was rushed home with little security preparation, this constituted a perfect recipe for cybercrime profit.
Amplify company-wide cyber hygiene activities.
Remote Workers Lack Security Awareness
Ransomware and malware attacks have always been around; COVID-19 merely amplified this phenomenon, fueled by a peak in employee usage of online meeting and communication platforms and remote data access. With the majority of the workforce working from home and utilizing such platforms, it is imperative that mission-critical systems are actively maintained, secured, and patched.
Address remote work vulnerabilities.
Tips and Tricks on How to Recalibrate Your Security Operations
With most employees currently working from home, it is essential to make sure they operate in a secure environment. Here are a few practical pieces of advice we can offer, and some areas for consideration:
- Continuously monitor newly adopted remote access and collaboration technologies and their vulnerabilities (e.g., frequently used public code repositories).
- Monitor and enforce strong passwords, along with mandating 2FA for any access to corporate resources.
- Ensure the use of VPNs and encryption for communication and file sharing.
- Educate end users on the current threat landscape and the types of attacks deployed by different threat actors, including phishing, malware, social engineering, fake mobile apps, and more.
- Check for any suspicious URLs within emails.
- Use trusted sources for fact-based information about COVID-19.
- Avoid responding to emails soliciting personal or financial information.
Watch this on-demand webinar that highlights the steps businesses can take to enhance their data protection efforts as the workforce remains remote.