Over the past few months, organizations of all types and across all industries have rapidly shifted to remote working to counter the unprecedented challenges posed by the COVID-19 pandemic. From healthcare organizations offering virtual consultations to educational institutions conducting remote classes, it is truly amazing to witness how technology is being used to stay productive and connected even when people are working remotely.
Millions of employees worldwide are now working remotely due to the global crisis, but are they doing so safely and securely?
This becomes is an essential business question to ask in the present times. These days, from our inboxes, to mobile alerts, and news updates, are all covered with info related to the pandemic. Due to high stress levels, most people click on links related to COVID-19 without much of a second thought. The attackers know this, and are utilizing this psychology to their advantage. Therefore, there is an increase in the success of phishing and social engineering attacks.
The latest probe by Microsoft suggests that these attacks are settling into a rhythm that is the normal ebb and flow of the threat environment, and most nations across the globe have witnessed at least one COVID-19 themed attack.
It is not that attackers have suddenly come up with secret resources. Instead, they are pivoting their existing infrastructure for the distribution of ransomware, phishing emails, and other malware. They have so far been successful in leveraging COVID-19 related keywords to get clicks and email opens. Once you click, attackers can infiltrate your inboxes, steal your credentials, share malicious links with your coworkers, and lie in wait to steal the information that will give them the biggest payout.
In the wake of these facts, it is important to strike a balance between enabling remote working while ensuring security. Here are some things you need to watch out for:
Ensure safety and privacy while collaborating online – When you enable employees to work remotely it is critical to manage who participates in meetings, who can present and who has access to meeting information. Choose a teamworking solution that empowers the meeting organizers to use controls to decide which person outside your organization can join your meetings directly, and who has to wait in the “lobby” to be let in. For further control, the meeting organizer should be able to designate “presenters” and “attendees,” ensuring that no unauthorized attendee can take control of the meeting.
It is equally important to moderate and control who is and isn’t allowed to post and share content as well as to monitor chats to help prevent negative behaviors like bullying and harassment. Before you record a meeting, all the participants should be notified and the recordings should be stored in an encrypted repository, available only to those who were on the call or directly invited to the meeting.
Add a layer of security – Microsoft’s (Multi-factor Authentication (MFA) is a two-step verification process that is widely used in many consumer applications today, including ones for online banking. It protects the users from cyber-attacks that are especially targeted towards accounts with weak or stolen passwords. Having this feature turned on (by the IT administrator) provides an additional layer of security for the collaboration tools. It should be kept in mind, cybercriminals are looking for ways to exploit vulnerabilities and leverage the weakest links. By protecting usernames and passwords and having a second form of user verification can help organizations to significantly strengthen their security perimeter.
Safeguarding personal data – It is equally important to ensure that the collaboration tools offered to employees are designed for enterprise-grade deployment. They should include industry-standard technologies such as Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP) to encrypt all data between devices and the cloud. They should have additional safety measures for data loss prevention and sensitivity labels in place to restrict and regulate people who can access sensitive information.
Check for Privacy criteria – Certain ground rules need to be ascertained before selecting the right collaboration tool for your organization. These are:
It’s very clear that enabling remote work is more important than ever, and that it will continue to have lasting value beyond the COVID-19 outbreak. As organizations gear up for this evolution, it is important to keep a close eye on the security and privacy of your enterprise data. Once security has been ensured, organizations can work more effectively and with peace of mind.