Cybersecurity Meets COVID-19: Securing your Remote Workforce

It’s a strange time right now.

One result of COVID-19 is a global workplace transformation in which traditionally on-site employees are migrating to home office environments, to help stop or slow the spread of infection. However, as millions transition to the new realities of remote work, companies face not only the challenge of ensuring that a newly remote workforce stays connected, but also secure. 

Unfortunately, as we navigate the uncertainties of COVID-19, there’s one more unwanted challenge to add to the list: cyberattacks. Already, nefarious attackers are leveraging coronavirus to take advantage of vulnerabilities (both human and technology) and launch malware and other attacks. One report suggests a “bevy of new threats” including coronavirus-themed malware, “booby-trapped URLs”,  and credential scams. 

Another source reports on suspicious new domains with words like covid, pandemic, and vaccine – it documented 13,500 such domains on March 15, an additional 35,000 domains the following day, and 17,000 more domains by the third day. While many of these sites are legitimate, some are not, and all it takes is one phishing email or bad download to bring your business to a halt. 

So, as we all try to navigate new ways of working and coping, we share a few tips to help ensure that your new workforce stays not only productive and connected, but secure.

Use Secure WiFi Across All Devices

You likely already know this, but it bears repeating at this point in time: unsecured WiFi networks present an opportunity for cyberattackers to infiltrate your business devices. As your team moves to remote working environments, many now rely on home or shared WiFi networks to stay connected. 

This presents new attack vectors for advantageous attackers seeking to extort the new COVID-19 workforce – and these scammers are targeting mobile users as well as desktop users. We read of one campaign, for example, that targets Android users with ransomware that will lock a user’s device when they install a seemingly safe coronavirus tracker app. 

Advise your employees to only use secured or private password-protected WiFi networks. If employees are unable to access a secure network, ask them to use a VPN or their mobile device as a hotspot. Depending on your unique business, setting up a VPN for your workforce might be an entirely new task for you or your IT team. If you need help selecting and setting one up quickly and securely, we are here for you

Don’t Get Video Bombed: Secure your Collaboration Tools

Keeping remote employees connected will require the right set of collaboration tools, something many teams are exploring and implementing for the first time. You’ve probably heard about the uptick in use of the teleconference software Zoom, including a litany of security issues, such as an installation process that granted root access to a user’s computer, questionable routing, and lack of end-to-end encryption for video calls. 

There’s also “Zoombombing”, in which uninvited attendees appear with unwelcome comments or disruptive images via screenshare. The company is patching many of these issues; if you and your team use Zoom, make sure you install the latest version with these fixes and patches. 

But there are other popular collaboration tools, including Google Suite and Microsoft Teams. Both have built-in security options. Google, for example, is cloud-based and all G Suite services run on the same enterprise security infrastructure. And Microsoft Teams enforces team-wide two-factor authentication, single sign-on, file security, and data encryption in both transit and at rest. 

While many of these important security features are indeed built-in, they’re not all plug-and-play. Often, you may need to make proactive decisions about system configurations. This is another service we can assist with throughout COVID-19 and our ensuing workplace transformation – we  can provide you with customized best practices and settings to maximize the security of your collaboration tools and establish the most secure configurations for your unique business. 

Dance the Two-Step: Use Multi-Factor Authentication and Secure Passwords

Another effective strategy to secure your now-mobile workforce is via two-step or multi-factor authentication (MFA). MFA is a simple but sound way to improve your security posture, by requiring users to provide an additional form of identification, such as a password plus a passcode from a device or a password plus a phone call to a predefined number. Configure all applications to use multi-factor authentication upon each login and, again, only allow access to your company server via secure WiFi or VPN. 

Don’t forget the basics right now, either, like proper password management. Advise your employees to set strong passwords and avoid reusing passwords. Despite the ubiquity of login credentials, many organizations continue to set weak passwords or use the same passwords across multiple sites, among other bad practices. (A recent report found that 65% of people reused the same password on multiple sites, half of respondents kept track of passwords on paper, and 61% wished for a better way to track multiple passwords.) Educate your employees on how to set strong passwords, and consider using a password manager.

You Get Anti-Virus, and You Get Anti-Virus, and You Get Anti-Virus!

Another pillar of a secure remote workforce is your anti-virus software. Anti-virus and anti-malware software are vital components of a strong security infrastructure. Anti-virus and anti-malware will help you detect, protect, and remove malicious software from your business systems. The right solution can stop some of the most common and damaging attacks, including Trojan Horse attacks, ransomware, rootkits, keyloggers, and exploits. 

As we navigate new COVID-19 workplace realities, take this moment to help your organization install the proper security software. We have a few recommendations here:

  • To protect your business, make this a requirement among all employees, not just those who work with sensitive or confidential data. Institute a clear plan, timeframe, and process to ensure that every team member has completed this, and has done so properly.

  • Make sure your team is installing the same version and in the same manner. This is where clear instructions and tech support are important to ensure that every member has successfully installed your standardized software package.

  • Install anti-virus software on all devices, including desktops and laptops as well as mobile devices like phones or tablets. 

  • It doesn’t end with installation. Once you’ve implemented the software across your organization, continue to communicate with your team about any future software updates or patches.

Clearly Inform and Educate Your Employees

Remember, even with a new remote workforce, your systems are only as secure as your people. Research suggests that the “vast majority” of cyberattacks are designed to exploit the human factor. It’s more important than ever to get everyone at your firm on board with clear and effective cybersecurity training.

Ongoing support and inclusivity will be key here.

First, be sure to let employees know of new potential threats as they arise, especially scams that take advantage of the coronavirus. Educate your team on how to spot fraudulent emails, texts, calls, or social media posts and provide a clear plan for what they should do if they think they are targeted. 

Second, remember that security is everyone's responsibility. Include every employee at all levels of your organization in your training and updates. If you work with independent or remote contractors, consider an ancillary training that speaks to their particular risks and needs. For more, see this post on best practices for effective cybersecurity training for your staff.

Lastly, while the majority of your workforce may now be working remotely (including yourself or your IT department), don’t forget about essential staff who are still required to be at the office or workplace. Even if you were already offering a high level of security at your business, these new “skeleton crew” workplaces can create new vulnerabilities of their own. And, likely, your entire team is a bit on edge around COVID-19 uncertainties; in times of distraction, people are more likely to fall for malicious scams.

At this moment in our history, one thing is known about COVID-19: that there remains many unknowns. How long people will need to work remotely, and in what ways our workplaces will be transformed as a result are still unclear in many industries. We get it. And we’re here to help you when you need it. Our workplace cybersecurity experts can help you establish a VPN, implement the right collaboration tools, set up multi-factor authentication, install or update anti-virus software, and create custom educational resources for your team. 

As a result, you can stay connected, productive, and secure during these uncertain times and as we (hopefully) navigate a return to normalcy in the weeks or months ahead.

Please stay secure and healthy! Get in touch with me anytime at (262) 288-1501 or via this form.

Ready to get started?