COVID-19, the disease caused by the novel Coronavirus has already been declared as a pandemic by the WHO. The question that is bothering everyone is whether COVID-19 is a pandemic of unmatched severity or are the concerns of millions of people worldwide baseless. There is very little certainty about when this will end and life would return back to normalcy.
Considering the present global situation of the COVID-19 pandemic, many top companies across the globe have asked their employees to work from home until the situation becomes better and the Coronavirus is suppressed. Companies like JP Morgan, Google, Microsoft, Ford, Amazon, Twitter, Facebook, Apple, and many others have already taken the initiative to protect the health and safety of their employees. Not going to the office is an effective means of preventing the transmission of the COVID-19 disease. It reduces the risk of an individual coming in contact with someone carrying the disease.
Work from home is not all that difficult as it may seem like. An active internet connection along with cloud office suits and SaaS apps make the transformation from the office desk to the living room a seamless and hassle-free one. Considering the massive number of employees working remotely, it is important for companies to ensure data security.
Working remotely will definitely avoid the concerns related to COVID 19. However, it would increase the concerns related to cyber threats which can be even more disastrous to a company. According to Palo Alto Networks, 98 percent of all traffic on IoT devices is unencrypted, leaving the personal and confidential information on the data network susceptible to malware attacks. Taking advantage of the recent Coronavirus outbreak, the internet is flooded with COVID-19 related phishing scams that push malware, spyware, ransomware, Trojans, and viruses into the system in an attempt to steal passwords and confidential information
Small to large-scale business are concerned about Cybersecurity threats because many organizations do not have any of the following:
- IT security policies for remote workers
- Solutions to provide a secure environment
- Appropriate incident response plan
Our team of Cyber Security experts has compiled some of the industries best security practices and free or long-term trial solutions to protect employees while they work from home:
- Zero Trust Security: Zero trust is a comprehensive approach to secure all access across the network, it is regardless users are working from the office or home. Zero trust security requires strict verification of a person and device trying to access critical resources. Zero trust means “never trust, always verify”. Multi-factor Authentication (MFA) is a fundamental piece of the Zero Trust Security model, employers must implement MFA on all critical servers and VPN connections. You may leverage long term trial of Okta Multi-Factor Authentication (6 Months Free) or Cisco Duo Security (Valid till July 1, 2020).
- Endpoint Security: Computers, laptops, and mobile devices serve as points of access to an enterprise network. Endpoint security solutions must be deployed on company-owned or personal devices before accessing any of the enterprise resources. Apart from endpoint security solutions, all software and operating system must be up to date with the latest releases and patches. SentinelOne offers long term Endpoint Solution valid till May 16, 2020.
- Password: Access credentials are highly important, they are the key to access your data. Users must understand the severity that easy-to-guess passwords bring, users must not use the same password for multiple accounts or websites. We recommend the use of password manager, leveraging such tools, users will have to remember only one master password as password manager creates and stores the unique complex passwords for each website you access. Explore 1Password Business is offering 6 months free license.
- Phishing Awareness: Coronavirus themed phishing attacks are on the rise, users must check the sender’s name and from address, spelling or grammatical errors, and double-check the URL given in the email before clicking the same. There are tones of phishing campaigns going on by manipulating domain names of CDC or WHO, users must carefully identify the domain from “From:” address. Employers must run phishing awareness training programs to ensure users are well trained to differentiate between legitimate and phishing emails. We at Cloud24x7 are offering 2 months free Corona themed phishing simulations.
- Secure Access: Securing remote access to enterprise resources is typically achieved by using a VPN. VPN provides secure encrypted communication over the untrusted public internet. SSL-VPN is less complex than IPSec, we encourage to use SSL-VPN to reduce IT helpdesk calls/tickets. You can also leverage the Web Application Firewall (WAF) module of your firewall subscription using which one can publish internal resources with Two-Factor authentication. A couple of vendors offering long term trials, you may explore these options: Cisco offers Umbrella and Any Connect Client valid till July 1, 2020, Clavister Next-Generation Firewall (90 Days Trial), Virtual Sophos XG Firewall (90 Days Trial), and Beyond Trust Secure Remote Access – 90 Days Trial.
- Home Internet: There are lots of ways to hack into home internet as many home routers are using factory default settings such as passwords, preshared keys, SSIDs, and weak configuration. Users must use WPA2 with a complex password and preshared keys. Keeping home devices up to date with the latest firmware or software is also a must to avoid any vulnerabilities. Minim offers free 4-month license of corporate WiFi system for the home users, you may try this.
As a part of our commitment to protecting businesses from Cybercriminals, we are pleased to launch CoronaVirus Security Helpline! You may take advantage of this helpline in this difficult period.