Cyber Threats: Protecting Your Business in A Remote Work World
Opportunistic criminals abound in the era of COVID-19. With the huge increase in remote work, bad actors are out in force with sneaky phishing schemes and cyber-attacks. (Because the health and safety, business continuity and PPP loan compliance issues weren’t bad enough already!) Thankfully, several government agencies have provided free resources and guidance on how to mitigate the heightened risks.
The Latest Phishing Scams
The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) has reported numerous COVD-19-related threats in the past few months. Most recently, the agency has reported an anonymous cyber attacker who is spoofing the Small Business Administration’s (SBA’s) COVID-19 relief webpage. This scam is perpetrated via an email that appears to be from the SBA and includes a link to the fake page. The page prompts unsuspecting business owners to log in, which allows the attacker to steal business owner’s credentials. View a screenshot from CISA’s website that contains the details of the scam
According to the Federal Communications Commission (FCC), workers are also being targeted directly with information about fake:
- COVID-19 tests,
- contact tracing,
- charity drives and
Older workers, in particular, are being targeted.
Because remote workers in general are at an increased risk of exploitation, it is important that your IT team sets up secure remote access and has appropriate, effective policies and procedures in place.
Plan for the Worst, Hire the Best
When it comes to designing your workforce’s remote access, The National Institute of Standards and Technology (NIST) advises business owners to assume that their worker’s devices will be acquired by malicious parties seeking sensitive data and that networks between their worker’s devices and company-owned devices cannot be trusted. Your controls should be designed to prevent malicious third parties from using your workers’ devices to gain access to your company’s network.
To help mitigate against cyber-attacks, business owners should consider:
- training your workforce on the signs of a phishing attack and alerting them to known phishing attempts,
- requiring the use of multi-factor authentication (MFA) to access all systems and devices,
- ensuring the availability of enough VPN connections for the entire remote workforce,
- keeping up to date with all of the latest security updates and patches.
In order to properly implement the above recommendations, you’ll need to hire top-notch IT professionals.
All “IT” Talent Is Not Created Equal
To effectively protect your organization’s business, customer and employee data, you need IT professionals with a cyber security skill set. Make sure you are hiring people with the right credentials, training and experience. With the increased demand for cyber security expertise, it may be wise to partner with a reputable technology human capital firm with significant cyber security capabilities. Firms with cyber security staff augmentation abilities source and vet the best talent to ensure that you are properly equipped to handle any risks related to remote work technology.