Working from home? Attackers are too

The outbreak of the Coronavirus has been declared a pandemic. One of the key measures, as advised by national authorities, is to create physical distance between people to minimize the risk of spreading the infection. 

With the exponential increase of coronavirus infection over the last months and more people working from their homes, cyber attackers have already started to abuse fear and panic to spread malware and defraud victims: 

The Brno University Hospital in the Czech Republic, which was also one of the COVID-19 testing facilities, was hit by a major cyberattack in March. The consequence was that individual systems started to fail, leading to an immediate computer shutdown in the midst of the coronavirus outbreak.

Monica Verma, Chief Information Security Officer, TietoEVRY Financial services, provides some guidelines to ensure continued security whilst working from home.  

“We are living in surreal times. A security mindset is more important now than ever. It is vital to create a comfortable work environment and secure digital interaction. Do not underestimate the psychology of security or lack thereof.”  

Securing home office amidst coronavirus pandemic

How can you protect yourself and your organization digitally whilst working from home? Here are some basic but highly effective measures you can take.  

• Security mindset is more important now than ever. First of all – remember you are at work! Make sure you have a comfortable zone where you can work undisturbed.
• Be more vigilant and wary of ongoing scams, phishing campaigns and clicking on suspicious links that are related to Coronavirus. Attackers are using fake Coronavirus domains to lure and scam people seeking information about the virus, and to target people with the goal of spreading malware, stealing digital identities, etc.
• Threat picture – evaluate your home office location and any inherent risk. Evaluate your surroundings and implement the necessary precautions. Be aware of who is present nearby and might be listening or observing. 
• Protect your access rights, your computer, your working area and yourselves. Remember to log out when you leave your computer and be aware of storing the equipment in a safe and secure location. 

“In the midst of one of the worst pandemics our generation has experienced, we are seeing an increase in phishing campaigns and fraud, as attackers actively abuse the fear and panic in the society.”  

• Always ensure your devices are up to date. Make sure all your devices including personal routers, your anti-virus solutions on your devices, etc. are up to date. Employees working from home should use a company-approved device for office work.
• Ensure that you follow best security practices with regards to encrypting sensitive data at rest and in transit. Use HTTPS or end-to-end encryption whenever available or necessary. In case of sensitive or critical business applications, ensure you connect via a VPN. Amidst global challenges with VPN connectivity due to the pandemic and extensive home office, it is critical that you understand the difference between and use of end-to-encryption, thereby reducing dependency on VPN.
• Employees connecting through their home Wi-Fi must ensure that they have a strong password, and to avoid using public or unsecured networks, such as at cafes without VPN. Ensure your Wi-Fi is set to use WPA2 encryption only.
• Use two-factor authentication, preferably with the authenticator app or hardware token. This is one of the most important practices to secure your accounts. If not possible to apply always, ensure to use it whenever and wherever possible, particularly with all sensitive and critical applications.
• In case of suspicious email, do not click and please report to your security department or your vendor’s anti-phishing email address right away. Remember – at this point you are the “Human Firewall”.

Continued security is essential for business continuity, particularly towards critical societal infrastructures and services such as healthcare, finance, energy, etc. It is vital that all security leaders ensure similar security maturity as before. In some focus areas, a higher security level is necessary during this pandemic, such as vulnerability scans, patching, detect and response, and security incident management.  

To ensure the safety of all employees, TietoEVRY, like many other organizations worldwide, has instructed employees to work from home. Safety of our people and security of our customer deliveries are TietoEVRY’s top priorities. However, when more than 90% of the task force is working from home, how does one ensure the security of customer deliveries, particularly when they are extremely critical and vital to our society.

Amidst an international crisis, it is more important now than ever for us to help each other stay safe and secure!  

Want to hear more? Listen to our webinar recording on how to build cybersecurity into the DNA of cloud native applications.