It’s been a challenging time for many organizations amid the turmoil of the COVID-19 pandemic as they’ve had to suddenly switch to having huge chunks of – if not all – their workforces working remotely to remain safe.
This work needed to be undertaken quickly, with little warning, and now many companies are finding that many of the measures put in place to enable their employees to work in new ways may be vulnerable to cybersecurity threats.
A report late last year from INTERPOL has found that COVID-19 is responsible for seeing a shift in the focus of cybercriminals from individuals and small businesses to new targets of major companies, government entities, and critical infrastructure – highlighting the urgency of securing a remote workforce in organizations.
Many of the tactics that cybercriminals are using are similar to traditional ones. Cybercriminals, including hackers and scammers, are using fraudulent means to target organizations through the weakest link: their employees.
There are many cybersecurity risks that are increased because of remote working. With employees increasingly dependent on the internet and cloud services in order to keep doing their jobs during the pandemic, there are new ways for them to be targeted, placing your company’s systems at risk of being compromised.
Table of contents
- Phishing and online scams have been refocused
- An increase in scam telephone calls
- Insist on anti-virus tools for all home computers
- Ensure your virtual meetings are secure
- Be mindful of secure remote connectivity
- Implement multi-factor authentication to prevent unauthorized access
- Overcoming issues with communication channels
- Warn your employees about the dangers of insecure Wi-Fi
- Beware of malicious misinformation
Top tips to deal with cybersecurity threats in the pandemic
These are the 9 most critical things you need to be aware of in terms of remote workforce cybersecurity:
1. Phishing and online scams have been refocused
The usual online scams and phishing schemes have evolved to have COVID-19 themes. Nowadays it isn’t uncommon for these criminals to impersonate health officials or government agencies. The end game is still the same: employees are tricked into providing personal credentials and/or downloading malicious files.
As part of your remote workforce security efforts, it is definitely worthwhile to remind your employees about these types of emails and give updated examples of the common COVID-19 themed phishing emails doing the rounds.
2. An increase in scam telephone calls
Like their emailing colleagues, scammers are busy working the phones in fake call centers pretending to be from a range of different organizations from the police to the tax department to the employee’s internet service provider.
One I received personally just last week was from a person purporting to be from my own company’s IT help desk and wanted me to download an app so he could access my computer remotely.
According to Australia’s biggest telecommunications company, Telstra, there has been an increase in these calls during COVID-19 and the company is blocking half a million suspected scam calls from reaching end users every single day.
In the United States, the situation is not much better: a recent report by USA Today claimed that three-quarters of Americans have been targeted by phone scammers over the last 12 months.
It also identified COVID vaccination phone scams are on the increase.
Scam calls can be difficult to detect as often the scammers are spoofing the number they are calling from so it looks as though they are calling from a legitimate and reputable entity. Encourage your employees to be vigilant and never give out any compromising details to an unknown cold caller.
3. Insist on anti-virus tools for all home computers
In many organizations, employees are using personal devices to access company systems. Generally, the IT department has no control over these devices as they aren’t owned by the company itself and cannot install software, such as anti-virus software, on these machines.
A good way around this and to secure your remote workforce is to have a policy that all employees who access the company’s systems from a home device MUST have an antivirus software application installed on their machine.
4. Ensure your virtual meetings are secure
Companies are seeing an increase in virtual meetings over traditional in-person face-to-face ones. There are a number of different virtual meeting platforms on the market, however, it is essential to ensure the one being used in your organization meets all appropriate security standards.
Throughout the pandemic, some of these platforms have been exposed as having security vulnerabilities. This means that they could be compromised by cybercriminals who could listen in on or record sensitive conversations among other things. To that end, you also need to ensure you regularly download any updates and patches to keep your systems safe and secure your remote workforce’s conversations.
5. Be mindful of secure remote connectivity
When employees need to access the company systems from an external location, they should be doing so in a safe and secure manner. The best way is via a VPN ( a virtual private network) that uses either SSL or IPSec. The benefits of this are that the employee can safely access the company’s corporate environment without the risk of a nefarious intermediary in between.
6. Implement multi-factor authentication to prevent unauthorized access
When your employees have to use multiple layers of authentication in order to access systems, it provides an extra safety net to keep unauthorized users out. This means that if any credentials are stolen or guessed by criminals, it is unlikely they will have access to the next layer that is needed (for example a code sent via SMS to a cellphone to authenticate the access.)
7. Overcoming issues with communication channels
With people working remotely, it can be hard to communicate with the entire workforce at the same time with priority information about critical issues. This means the IT department, for example, may not have a reliable way to send a planned outage notification or inform everyone about a cyber threat. Having a special communication channel, such as DeskAlerts, can help to overcome this issue.
There is an additional issue in some organizations where the absence of regular physical interactions with colleagues has meant a void that has been filed with unofficial and insecure communications on personal messaging platforms. This means that important and confidential business information could be placed on a forum that doesn’t have the appropriate security safeguards.
8. Warn your employees about the dangers of insecure Wi-Fi
When working remotely, it can be tempting for your employees to connect their devices to free Wi-Fi services to access the internet. Of course, free Wi-Fi is insecure and can, unfortunately, expose your employee – and your systems – to cyber threats, making it a major issue for remote workforce security.
This includes cyber criminals being able to see what information is being accessed and even gaining passwords and credentials.
Employees should always use trusted and known Wi-Fi connections while working remotely, for example their home internet service. Home wireless routers should always be secured with strong passphrases.
9. Beware of malicious misinformation
According to INTERPOL, there is an increasing amount of “fake news” and misinformation circulating in the community related to COVID-19.
Often this information is conspiracy theories, gossip, or unsubstantiated rumors. But in other cases it is being used to facilitate the execution of cyberattacks. Some of the sites where this fake information is posted also contains malware.
Encourage your employees to only use trusted and verified sources of information such as your local health authorities or government. Your organization should also only ever circulate information about COVID-19 from official sources.
Securing your remote workforce with DeskAlerts
DeskAlerts is an internal communications software tool that helps to overcome a range of common issues with sharing information in large organizations. It works by using different channels and tools to send information to employees’ computer screens or cellphone and tablet devices.
The system is designed to be deliberately obtrusive and works to send messages in a highly visible way that can’t be ignored, cutting through the “digital noise” in an often cluttered information environment.
The main ways to use DeskAlerts to help with securing a remote workforce includes:
- Sending IT outage alerts
- Sending urgent cybersecurity threat alerts
- Sending reminders and cyber security tips/rules
- Quizzing your employees on cybersecurity alters to test their knowledge.
In particular, DeskAlerts helps with the following IT pain points in remote workforce cybersecurity:
1. Help desk call volume overload
When you have a known IT issue you can save your help desk time and inform everyone as quickly as possible that there is an urgent IT matter that is being addressed. Your help desk front line would ordinarily spend a lot of time answering identical calls for assistance.
Sending communications via DeskAlerts means the help desk will be freed up to spend more time fixing the outage or other issue, and the information can be sent in a matter of seconds, using an invasive pop-up format.
2. Improving the IT department’s image
Service disruptions are unpopular and people can be quick to blame the IT department for everything. When you are able to inform everyone in a timely manner, and have a delivery report to prove everyone was informed and was sent the same message, can eliminate this issue.
3. Users not updating software
When there are new programs introduced, or old ones need to be updated, it can be problematic when users do not perform these updates. A common reason for this is because they didn’t know an update was required.
The repercussions of this are that data can be lost because forced updates catch them in the middle of an important task or the software no longer functions properly or is not supported on the device because it is out of date. Outdated software is also an impediment to securing a remote workforce as it may contain vulnerabilities that can be exploited by cybercriminals.
By using DeskAlerts you can overcome these challenges by reminding people about critical updates in a way they won’t be able to miss.
4. Driving IT change projects
Change management is a necessity in the IT world and COVID-19 has demonstrated that big change initiatives can be forced upon an organization quickly and with little notice, as we saw with the transition to remote working during the pandemic. When these large-scale initiatives take place, you need them to happen quickly and smoothly.
The duration of the process will be greatly influenced by the efficiency of communication. Basically, the faster you can get every member of the workforce to follow the instructions and do what is needed, the faster you can complete the change and embed new work routines.
COVID-19 has been a stressful time as we’ve all had to pivot to ensure that business can continue to function. However, it should be seen as something we can all learn and grow from, particularly when it comes to IT preparedness and having to quickly move to change the traditional ways of doing things.
Not only is now a good time to take stock to see how your systems have stood up during the pandemic and to fix any vulnerabilities to secure your remote workforce, but it’s also good to have an eye on the future and have plans in place to keep future-proofing your cyber security.