Remote Working or Learning from Home? Be Aware of these Cyber Risks
Working from home has suddenly become the new norm, with health officials imploring us to practice social distancing as a means of stemming the spread of the coronavirus. Higher Learning institutions as well as several schools are falling back on e-learning solutions to ensure studies continue in the absence of the risk.
But working or learning from home leaves many of us without the usual protections of institutional IT systems which tend to catch and alter out most spam, malicious or otherwise. The bottom line: we are especially vulnerable to cyber-attacks in the absence of this protection.
Keeping your organisation’s data safe can be achieved even while working remotely, by using a virtual private network (VPN) as your organisation’s online network for remote work. VPNs connect devices to a secure server, allowing users to avoid insecure home or public wi-fi networks. Users will also have an extra degree of privacy by obscuring their actual location (their IP addresses will point to the location of the server, not their actual device). Some VPNs connect users to overseas servers, allowing them to access online material (such as streaming media from other countries) normally inaccessible to US-based users. In addition, all data on a VPN is encrypted, adding an extra layer of security.
VPNs, like any other network, however, still have their vulnerabilities. According to the US Department of Homeland Security – CISA: cybercriminals are increasingly finding ways to infiltrate them, both by identifying their technical vulnerabilities and through phishing emails tricking employees into revealing their usernames and passwords. Adding to their vulnerability is the fact that many organisations fail to keep up with the latest patches and security updates since the network is active around the clock. By being proactive and following a few simple strategies, however, you can ensure your organisation stays secure and user-friendly while everyone is working or learning from home.
Guidelines for Remote Working and Learning
- Confirm that everyone has the technical resources needed for remote work, including a strong internet connection and an up-to-date computer.
- Ensure the security features of the VPN and all devices using it are updated regularly.
- Scan all remote assets for viruses and other potential security issues.
- Implement two-factor authentication for logins.
- Implement controls to block users from browsing potentially malicious sites from home.
- Train your team to recognise and avoid phishing attempts (perhaps have them read this article!)
- Have a response plan in place in the event a data breach occurs.
Summary
The Coronavirus crisis is not only a health issue. As working from home becomes the new normal, so we have to be increasingly vigilant to digital threats, cyber-attacks and online crimes as well.
This is true for our organisations, ourselves and our loved ones, including our children who learn from home and spend a significant amount of time online.
We need to join forces to ght these threats together. The Institute of Advanced Cyber Defence, together with our global partner Cybint Solutions, offer support to our partners, colleagues and the general public by providing free access to content, online webinars, and training programs that are relevant for the current situation.
Cybint is The Institute of Advanced Cyber Defence’s global education partner. Cybint is an international cyber education leader committed to solving the significant global shortage of cyber security experts and putting an end to the growing threat of cyber crimes, by helping financial institutions, companies, government agencies and universities to develop cyber security and intelligence capabilities. In certain circumstances we call on experts from other partners like providers of amongst others cyber intelligence and security consulting services, data mining solutions, as well as breach attack simulation software.
The Institute of Advanced Cyber Defence aims to advance both the quantity and quality of knowledge and skills in the domain of cyber intelligence and security. The Institute’s expertise is based onfirst-hand experience protecting organisations from cyber threats and attacks, as well as on the expertise of a network of companies from tier-1 countries that are global leaders in advanced cyber defence services and solutions. Their offerings are military-grade and find their origins in law enforcement and national security, with their team members often having served in leadership positions in the world’s elite national cyber defence units. As such, our pedigree is unmatched and with our partners we seek to further develop and transfer this know-how for the benefit of individuals and organisations alike via a number of avenues.