The global COVID-19 pandemic has largely changed the way we work. From cloud and hybrid cloud to on-premises environments, the rules of cybersecurity remain the same – and so do the methods of attack – but this time with a renewed vigor.
From whaling and phishing to malicious sites, knowing how to recognize these threats and their methods of delivery, along with what to do in the event of an attack are all major factors in prevention. Here are 4 things that will help keep your employees (and your environment) safe in the remote workplace.
- KNOW HOW TO RECOGNIZE THE VARIOUS ATTACKS
While many of these attacks are considered mainstays in the cybercriminal's arsenal, it’s important to keep their definitions in mind as the telework space becomes more common.
- Phishing is when attackers attempt to gain information from you that you wouldn't normally give out by masquerading as someone else, usually via email.
- Whaling is a form of phishing that focuses on a specific high-value target within an organization. For example, a staff member in accounting receives an email that appears to be from the CEO or other high-ranking executive asking them to wire a large amount of money to a third-party.
- Ransomware is malicious software attackers use to deny access to systems or data, and in most cases, require a monetary payment or ransom to regain access to the effected systems.
- KNOW THE METHODS OF ATTACK DELIVERY
As more people work from home without their IT organizations in close proximity to guide them through times when threats ramp up, it’s absolutely critical to know what these attacks look like and their methods of delivery. Phishing attacks via email have become more sophisticated. These malicious file attachments have been disguised as documents related to COVID-19, along with emails from senders posing as legitimate sources, such as United States CDC, Department of Homeland Security and World Health Organization. While everything looks legitimate on the surface, the embedded links direct those who clicked on them to a login page designed to steal email credentials.
Remote video conferencing tools, such as Zoom, along with other remote working platforms and virtual private networks also pose a wide range of vulnerabilities attackers can easily (and effectively) use to steal sensitive data. One of the more clandestine threats among this method of attack is the presence of macro viruses in documents downloaded from work platforms that can quickly spread across a telework network before being detected.
- PRACTICE GOOD SECURITY HYGIENE
Translating the same personal-hygiene precautions we take to ensure our health into our cybersecurity measures is the key to reducing risk and keeping our devices, networks and environments safe. Here is a short list of best practices that should always be followed, regardless of IT environment type or workplace.
- Keep software up to date.
- Use a multi-layered security solution, such as Protelligent’s Premonition™ Security Suite.
- Use multi-factor authentication and end-to-end encryption.
- Only use devices and connections approved by your IT department.
- Keep and store current data backups off-site.
- Watch for spelling or grammar errors in emails.
- Hover over email domain and embedded links to verify senders and domains.
- Use anti-virus software to check every file downloaded from a work platform before opening it.
- KNOW WHAT TO DO IN THE EVENT OF AN ATTACK
Effectively protecting your systems and data from phishing and other malicious attacks means training your team to follow these steps to contain a potential infection:
- Immediately notify the IT department.
- Isolate the infected computer.
- Immediately secure backup systems or data by taking them offline.
- Contact law enforcement and if possible, collect and secure partial portions of the ransom data that may exist.
- If possible, change all online account passwords and network passwords after removing the system from the network.
- Call Protelligent’s certified IT architects.
Leaving any part of your organization’s security to chance (global pandemic or otherwise) is simply non-negotiable, especially now, as we navigate the challenges of how we continue to effectively leverage the remote workplace. Partnering with a managed-services provider, like Protelligent®, who has the certified knowledge and experience to effectively adapt your IT infrastructure through every challenge will always be the best way to protect your business. Call us at (855) PRO-TELL to get the peace of mind you need to grow and thrive in every climate and circumstance.