To deal with the Coronavirus threat, organizations across the world have resorted to Remote Work culture overnight. To ensure business continuity, organizations have been rushing to embrace technology to allow collaboration and ensure productivity with various tools for video conferencing, chat applications, tech support, and so on. While these tools have provided many organizations with great flexibility, these dramatic changes in how we work, share and collaborate can also greatly affect each organization’s security profile.
In this scenario, CISOs and IT admins must look at new scenarios and models to address new threat vectors, as their places of work transform into distributed organizations.
Mary Jo Schrade, Assistant General Counsel, Regional Lead, Microsoft Digital Crimes Unit Asia, has shared five cybersecurity best practices for organizations and employees to follow as they adopt Remote Work.
Team up and manage logins: Employees are chatting and sharing more than usual during this time, even if there isn’t an official tool provided by IT. That’s why we recommend all employers take advantage of the six months of free premium Microsoft Teams which now has no limit on how many users can join or schedule video calls using the “freemium” version. That way, employees know which channels to use, and CISOs can better manage them securely.
Sensitize employees about Phishing attempts: Remote workers have access to proprietary data and information and your network. Warn employees to expect more phishing attempts, including targeted spear phishing aimed at high-profile credentials. Be clear on what official communications about business continuity and health and safety should look like and from where they should originate. Have employees watch out for urgent requests that violate company policy, use emotive language and have details that are slightly wrong—and provide guidance on where to report those suspicious messages.
Establish a clear communications policy: Establishing a clear communications policy helps employees recognize official messages. For example, video is harder to spoof than email: using an official channel like Microsoft Stream can ensure employees are able to distinguish legitimate communications from phishing, while helping people to feel more connected; and on-demand streaming also helps employees juggling personal responsibilities, like school closures or travel schedule changes.
Warn about suspicious links: 91 percent of cyberattacks start with an email, which either leads to malicious links directly or which contains dangerous attachments. Warn employees not to click on links if they suspect an email to be a scam. One method of testing the legitimacy of a link is to rest your mouse—but not click—over the link to see if the address matches what was typed in the message. In the following example, resting the mouse on the link reveals the real web address in the box with the yellow background. Note that the string of IP address numbers looks nothing like the company’s web address.
Suspicious attachments: Likewise, do not open attachments in emails from strangers, or in an email from someone you do know but with an attachment you weren’t expecting. It may be a phishing attempt, so we recommend you do not open any attachments until you have verified their authenticity. Attackers use multiple techniques to try to trick recipients into trusting that an attached file is legitimate.
It is estimated that since the pandemic began, hackers have ramped up phishing and ransomware attacks fivefold. It is more crucial now than ever for every employee of an organization to uphold the best practices of cybersecurity.