How to stay cyber safe during COVID-19
Numerous phishing and fraud campaigns have been reported in which perpetrators impersonate officials to trick unsuspecting targets. According to IBM X-Force researchers, there has been a 6000% increase in coronavirus-related scams since March 2020.
The rapid transition to remote work setups further complicates security demands, with more employees using personal devices and networks to do their work and access business data, platforms and networks. The International Association of IT Asset Managers recently raised concerns about the lack of preparedness in work-from-home procedures and the number of organizations that have left themselves vulnerable to cyberattacks and data breaches.
Everyone - consumers, employees and business owners - needs to approach security from multiple angles to protect sensitive data during the COVID-19 crisis.
Build zero-trust architecture
With non-essential workers forced to work from home, millions of people have suddenly found themselves left to their own devices to solve their networking and technology needs. Virtual private network (VPN) server capacity, bandwidth and traffic backhaul have all increased in response to the pandemic, creating security concerns for businesses everywhere. For instance, TOP10VPN has witnessed a 22% rise in VPN demand across the globe since the crisis began.
This situation is unlikely to change anytime soon, and work from home may, in fact, become a permanent fixture going forward. As such, business leaders need to approach their cybersecurity needs in a way that fully accounts for remote workforces.
Cybersecurity practices have steadily moved away from perimeter-focused tactics, recognizing the risk that internal actors present - even if that threat is unintentional. The coronavirus crisis has further increased the need for zero-trust architecture that addresses threats existing both outside and inside an organization.
In a traditional architecture, users gain special privileges once they have accessed the organization’s intranet. Some of those users may not necessarily need to have access to all the platforms and systems available to them, which creates unnecessary risk of exposure.
Zero-trust architecture removes such permissions, requiring every user to be authenticated before they can access enterprise systems, applications, cloud platforms and business data. This approach essentially does away with the concept of a perimeter altogether and forces users to continually verify their identity and access credentials.
Embracing a pure zero-trust architecture approach would also obviate the need for VPNs since it does not assume that all users inside the network are trusted and treats access requests with equal scrutiny. Many organizations are already on the path toward complete zero-trust network access: Gartner predicts that 60% of enterprises will have replaced most of their VPNs in favor of zero-trust architecture by 2023. Given current circumstances, businesses that are moving toward a zero-trust model should consider accelerating those plans and making the transition as soon as possible.
Secure WFH setups immediately
For many organizations, the move toward zero-trust architecture will be a gradual one, taking years to phase out old systems. In the meantime, they still need to safeguard their networks, platforms, applications and data as best as possible while their employees work from home.
Managing a remote workforce has become the new normal for most businesses, and few have had an opportunity to completely plan out those rollouts. COVID-19 has forced them to embrace work-from-home setups with very little warning. As such, many organizations have had to build security into their remote work strategies on the fly.
Personal devices, home Wi-Fi networks and unfettered access to business applications and platforms present a number of security concerns that need to be addressed as quickly as possible. Each employee is largely responsible for securing their own home offices rather than relying on an experienced and qualified IT team to manage those responsibilities.
There are a number of threats that employees need to account for within their WFH setups, especially regarding their home routers. For instance, malicious actors can execute domain name system hacks to redirect users to compromised websites. Employees may also use router credentials that are either easy to guess or remain unchanged from their factory settings, giving cyber criminals additional vulnerabilities to exploit.
Businesses should encourage staff members to step up their security measures when working from home, including taking these actions:
- Replace router passwords and other account login credentials with strong, unique passwords.
- Update your router firmware on a regular basis to download patches that address potential vulnerabilities.
- Check your DNS settings to ensure your DNS is a verified and trusted source.
- Increase the sensitivity of your firewall to weed out potentially malicious traffic.
- Consider switching DNS servers to one provided by the company.
Although organizations should eventually phase out their VPNs in favor of a zero-trust model, they can provide a good stopgap solution while that transition occurs. VPNs offer more security for remote workers, incorporating some measure of authentication to validate users and inspecting network traffic. Be sure to maintain a dedicated corporate VPN for all business activity to avoid scenarios where employees use their own unmonitored solutions.
Make cybersecurity a priority during COVID-19
As the coronavirus continues to spread, organizations need to rethink their security strategies to account for rising challenges. The shift to remote work models has dramatically changed the way employees interact with corporate networks, requiring more nuanced approaches to cybersecurity. Watch the full webinar on-demand to discover more ways to protect yourself and your company from emerging threats.
Stay up to date with the latest best practices, trends and developments like zero-trust architecture to address vulnerabilities and shore up your security posture. Enrolling in online computer security programs is a great way to develop skills and learn how to deploy countermeasures to resolve real-world issues. Stanford University offers graduate-level courses via the Cybersecurity Graduate Certificate and online professional development courses in the Stanford Advanced Computer Security Certificate that can help enhance your cybersecurity skills and knowledge. Enroll today to protect your organization.