With the COVID-19 pandemic upon us, we may suddenly find our entire lives playing out online. Never before has the connected world and our ability to communicate, socialize, work, and transact online been more front-of-mind or more critical.
Although the ability to do this is incredible, we have to face the reality that where people go, cybercriminals follow. If there is an opportunity to exploit a situation and lure people into disclosing personal data or sending money falsely, you can guarantee that cybercriminals will be working on it.
Recently, Kaspersky researches have uncovered coronavirus/COVID-19-related malware trying to piggyback on the virus, hiding malicious files in documents purporting to relate to the disease. But opportunities for online security to be compromised doesn’t end there.
“With a lot of countries in Southeast Asia under different forms of lockdowns, companies are now finding ways of using technology to keep their businesses’ continuity. From face-to-face meetings, we have seen the rise of video conferencing. Cybercriminals are aware of this trend and they can exploit and infiltrate through different entries, such as insecure Wi-Fi, network without encryption, use of weak passwords, and poor or neglected app permissions, among others,” says Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
“We would like to believe that companies around the world are now aware of the importance of securing their applications and websites, especially with the current shift in the IT environment we now face because of this pandemic. However, the reality is that many organizations are not geared up for people to work from home and are thus trying to understand the challenges in real-time, under exceptional circumstances. Whilst for some, it is more commonplace and now is a good time to re-examine security around remote access to corporate systems,” he adds.
IT departments globally are facing their biggest networking challenges currently as we see unprecedented numbers of people connecting remotely to corporate networks, putting additional pressure on already strained IT and security infrastructure. Once a device is taken outside an organization’s network infrastructure and is connected to new networks and WIFI, the risks broaden and increase.
There are a number of simple steps that these organizations can take/or ask people on their network to take to reduce the cyber-risks associated with remote-connectivity.
Kaspersky experts advise the following:
- Provide a VPN for staff to connect securely to the corporate network
- All corporate devices – including mobiles and laptops – should be protected with appropriate security software, including mobile devices (e.g. allowing data to be wiped from devices that are reported lost or stolen, segregating personal and work data and restricting what apps can be installed)
- Always implement the latest updates to operating systems and apps
- Restrict the access rights of people connecting to the corporate network
- Ensure that staff are aware of the dangers of responding to unsolicited messages
Specifically for video conferencing, Kaspersky suggests companies to:
1. Assess the security features of the platform you will use
2. Be sure that your apps are updated
3. Read and set the permissions carefully, both during the conference and in the storage of the conference recording
4. For user authentication, use a single sign-on (SSO) so your IT team can track and verify credentials
5. Encrypt and secure your network tightly
6. Create a video conferencing policy which will set expectations as well as boundaries amongst all its participants