COVID-19 implications for remote work and cyber security
Organisations are rethinking operations and how employees can work, with more employees working remotely, in light of the coronavirus outbreak.
Two security experts have provided guidance on how organisations can protect themselves and employees from potential cyberattacks and hackers.
Michael Warnock, head of growth, APJ at SecureAuth, says “as more companies around the world insist staff work at home to protect themselves against contracting the coronavirus, the pressure builds on companies in Australia to do the same. It really is a wakeup call for organisations to rethink their cyber strategies to enable employees to work away from the office without increasing security risk. Many organisations will be reviewing their ‘remote working’ policies and security needs to be top of mind. The identity security systems employees use to work at home must be secure and user-friendly. If organisations make it hard for their staff to work remotely, this will lead to frustration and ultimately will have a negative impact on productivity. When the Australian economy is already reeling from the impact of the coronavirus, organisations need to take this opportunity to rethink their security strategies to ensure business can carry on, data is secure and employees are protected.”
Jacqueline Jayne, Security Awareness Advocate at KnowBe4 says “The outbreak of COVID-19 has seen many organisations encourage their people to work from home or work remotely. While this is a logical step in keeping us safe from becoming sick, we also need to be safe when it comes to cybersecurity. Without preparation, businesses and their people are potentially more vulnerable as Hackers increase their onslaught of cyber-attacks on to unsuspecting people. We have seen an influx of phishing emails designed to entrap users to click on a link or open a PDF which will unleash malicious software (malware). The very nature of COVID-19 causes fear and panic in many and hackers use this to their advantage. There are reported cases of emails supposedly from the CDC and the World Health Organisation and hackers are finding ways to exploit everything about the situation. When you are working without your IT support team down the hall or a colleague sitting next to you to speak with, a suspicious email received at home seems different somehow. It’s important to be more aware than usual and know what you need to do should this situation present itself. When it comes to remote working both IT and HR will need to play together for completeness. Every organisation is different and will have specific needs to consider.”
Below are some tips both employers and employees to remain safe during this period:
Tips for employers:
- Get a remote working security policy
- get a password management policy
- ensure you have robust access privileges set up for your data, and
- provide security awareness training.
Tips for employees
- Comply with relevant policies
- keep your physical workplace secure at home
- keep work and personal information separate
- only use company supported storage data – not USBs or external hard drives unless they are secure
- avoid free wi-fi and consider a VPN so your internet traffic is encrypted
- lock your devices when you move away, and
- report anything suspicious.