From the May/June cover story, Keeping employees safe online during lockdown, below is list of tips and risks from cybersecurity and HR professionals that can help ensure data stays protected even when working from home.
How to help prevent cyber security threats:
- Never share personal or financial information via email or message.
- Verify link is from a trusted source before sharing within an organisation
- Use a Virtual Private Network (VPN) where possible to remotely share data
- Use encrypted messaging services for work communication
- Create a recovery plan in case they're hit with a breach stemming from work-from-home conditions.
- Use strong passwords and multifactor authentication.
Risks to be aware of with a remote workforce
The UK’s National Cyber Security Centre (NCSC) has identified the following key types of COVID-19 cyber attacks to look out for:
- Phishing - Email, SMS, or WhatsApp messages with COVID-19 related content that lure people to click on links to phishing websites where personal or financial information is stolen.
- Malware distribution - This will often come in the form of emails asking readers to open an attachment or download a file, which contains malware or ransomware and therefore compromises their device. These email campaigns may appear to come from official sources e.g. the World Health Organisation.
- Registration of new domain names - Phishing emails or messages may lure people to click on links to websites designed to steal user credentials. They will lead the user to a ‘spoofed login’ page where they will be asked to submit information such as their email password.
- Attacks on remote working systems - With many people now working on remote systems, cyber criminals are exploiting vulnerabilities in systems such as Virtual Private Networks (VPNs) and videoconferencing systems by sending emails with links to malicious files that purport to be links inviting someone to join a call.
- Password spraying - Malicious cyber groups try commonly used passwords to gain access to and compromise accounts. Commonly used passwords include those based on the name of the organisation being attacked, the month of the year and/or the seasons.”
For more about HR's role in cyber security you can read the first part of this story here.
This piece appears in full in the May/June 2020 print issue. Subscribe today to have all our latest articles delivered right to your desk