On Monday, March 23, PA Governor Tom Wolf ordered residents in the seven counties hardest hit by the coronavirus pandemic, including Allegheny County, to stay home for the next two weeks unless they have a dire need to leave their home. Earlier in the month, though, the CDC recommended that gatherings of 50 or more people be stopped for at least 8 weeks. For the most part, any company that is able to let employees work from home has been operating that way for the past 2 weeks or so. Restaurants and bars are only serving food by takeout or delivery. Only essential, life-sustaining businesses are allowed to remain open for the moment in PA.
Transitioning from a trusted office environment to a work-from-home policy can create security risks. So how can employers and employees maintain best-practice cybersecurity measures while employees work remotely? In response, the European Union Agency for Cybersecurity (ENISA) has issued a series of tips and recommendations for companies moving to a remote working environment.
ENISA urges employees working from home not to mix work and leisure activities on the same device. As far as possible, use corporate intranet resources to share working files. This keeps working files up to date and, at the same time, prevents sensitive information from being shared across local devices. Data at rest should be encrypted (including local drives), antivirus must be installed and fully updated, operating systems should be up to date, and virtual meeting URLs should not be shared on any public channel.
Employers, for their part, need to ensure the corporate VPN solution scales and is able to sustain a large number of simultaneous connections. They should provide video conferencing for corporate clients and ensure all corporate business applications are accessible only via encrypted communication channels (SSL VPN, IPSec VPN). All application portals should be secured using multifactor authentication mechanisms, and direct internet exposure of remote system access interfaces should be prevented. Where possible, provide all employees with corporate devices that have up-to-date security software and patch levels. Ensure adequate IT resources are in place to support staff in case of technical issues (and make sure staff know who to contact), and that policies for responding to security incidents and breaches are in place.
ENISA has also observed an increase in coronavirus-related phishing attacks, so it is important to step up our cyber hygiene. As in any situation, always be suspicious of emails that ask you to check or renew account credentials, and treat those that reference the coronavirus with extreme caution. Remember, emails that create a sense of urgency or consequences are typical of phishing campaigns. Be suspicious of any email from someone you don’t know, and always verify the source of an email before clicking any links or providing any information. If you are not expecting an email, or it is asking for account credentials, contact the organization or person the email appears to be from in a separate communication. Emails from people you do know that request unusual things (something you wouldn’t typically expect) are indicators as well; remember, you can always call them to verify they sent the email.
Sources:
https://www.enisa.europa.eu/news/executive-news/top-tips-for-cybersecurity-when-working-remotely
https://www.zdnet.com/article/working-from-home-cybersecurity-tips-for-remote-workers/
How Can Schneider Downs Help?
The Schneider Downs cybersecurity practice consists of experts in multiple technical domains. Learn more about our cybersecurity firm and services at www.schneiderdowns.com/cybersecurity or contact us at [email protected].