With many employees being encouraged or forced to work from home due to the COVID-19 virus, hackers are finding themselves with a plethora of new targets, and IT departments are facing new challenges in ensuring the security of their networks, according to articles from The Hill and The National Law Review.
A recent alert from the Cybersecurity and Infrastructure Security Agency (CISA) stated “As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors.” The alert also noted organizations should “Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.” CISA also warned of an expected uptick in phishing emails, targeting those working remotely, with the intention of stealing passwords or other critical information.
To help protect against these attacks, cybersecurity groups like FireEye are recommending stepping up security training for employees. Matt Shelton, director of technology risk and threat intelligence for FireEye, recommends employers “Provide security awareness training for remote workers. Focus on physical security topics such using a privacy screen, limiting work on confidential material in public spaces and securing physical computing assets.”
Comparably, employers can assist remote workers in their cyberhygiene by using these guidelines:
· Requiring all devices accessing the network to use up-to-date employer-standard security software;
· Enforcing multi-factor authentication for logins;
· Using a VPN with end-to-end encryption;
· Limiting the use of public WiFi, or working in public places;
· Applying additional restrictions on the download of sensitive data.
Sources:
https://www.natlawreview.com/article/protecting-against-cybersecurity-threats-when-working-home
