On Monday, March 23, PA Governor Tom Wolf ordered residents in the seven counties hardest hit by the coronavirus pandemic, including Allegheny County, to stay home for the next two weeks unless they have a dire need to leave their home. Earlier in the month, though, the CDC recommended that gatherings of 50 or more people be stopped for at least 8 weeks. For the most part, any company that is capable of allowing employees to work from home has been operating that way for the past 2 weeks or so. Restaurants and bars are only serving food by takeout or delivery. Only essential, life-sustaining businesses are allowed to remain open for the moment in PA.
Transitioning from a trusted office environment to a work-from-home policy can create security risks. So how can employers and employees maintain best-practice cybersecurity measures while employees work remotely? In response, the European Union Agency for Cybersecurity (ENISA) has issued a series of tips and recommendations for companies moving to a remote working environment.
ENISA urges employees working from home not to mix work and leisure activities on the same device. As far as possible, use corporate intranet resources to share working files. This ensures working files are up to date and, at the same time, prevents the sharing of sensitive information across local devices. Data at rest should be encrypted (including local drives), antivirus must be installed and fully updated, operating systems should be up to date, and virtual meeting URLs should not be shared on any public channel.
As for employers, they need to ensure the corporate VPN solution scales and is able to sustain a large number of simultaneous connections. They should provide video conferencing for corporate clients and ensure all corporate business applications are accessible only via encrypted communication channels (SSL VPN, IPSec VPN). All application portals should be secured using multifactor authentication mechanisms, and direct internet exposure of remote system access interfaces should be prevented. Where possible, provide all employees with corporate devices that have up-to-date security software and patch levels. Ensure adequate IT resources are in place to support staff in case of technical issues (and make sure staff know who to contact), and that policies for responding to security incidents and breaches are in place.
ENISA has also observed an increase in coronavirus-related phishing attacks, so it is important to step up our cyber hygiene. As in any situation, always be suspicious of emails that ask you to check or renew account credentials, and treat emails that reference the coronavirus with extreme caution. Remember, emails that create a sense of urgency or threaten consequences are typical of phishing campaigns. Be suspicious of any email from someone you don’t know, and always verify the source of an email before clicking any links or providing any information. If you are not expecting an email, or it is asking for account credentials, contact the organization or person the email appears to be from in a separate communication. Emails from people you do know that request unusual things (something you wouldn’t typically expect) are indicators as well. Remember, you can always call the sender to verify they sent the email.
You’ve heard our thoughts… We’d like to hear yours
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.
Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.