The COVID-19 (coronavirus) outbreak provides a great opportunity for cyber criminals. As people shift to remote work, they can expose themselves and their organization to more risk.
For example, numerous reports are surfacing about Zoom videoconferencing breaches where hackers find and join unprotected meetings. Fake domains have increased as coronavirus phishing campaigns lure people into COVID-19 scams for fake health insurance, tests, vaccines, treatments and stimulus checks.
An increase in remote work creates more risk for phishing attacks, DDoS attacks and malware attacks in general. IT pros need to protect their agency in two ways: securing the remote workforce and providing end user training to ensure employees are taking steps to protect themselves, their devices and the organization’s network and data.
Setting Up a Secure Remote Workforce
IT pros are responsible for setting up their end users for success with secure devices and connections. As users migrate to remote work, these devices and systems are more vulnerable than they would be on site.
Here are some best practices for setting up a secure remote workforce:
- Communicate Policies for Secure Remote Work: If they aren’t already in place, establish and then communicate guidelines such as the following for handling confidential information at home:
- Do not use personal laptops for company business.
- Use dedicated devices for managing critical systems, such as Supervisory Control and Data Acquisition (SCADA) networks, to ensure secure operations.
- Do not use personal e-mail for company business.
- Do not print documents unless absolutely necessary, and shred work documents before discarding them.
- Train Employees on Best Practices: Provide employees with training and support related to real-world situations, such as securing remote working solutions, risks around unencrypted portable devices and emailing personal documents.
- Communicate About Increased Vulnerability: Talk to your employees about the heightened risk at this time, and provide clear guidance on how they should handle and report potential phishing emails and links clicked.
- Collect and Share Emergency Contact Information: Gather backup contact information (e.g., personal cell phone numbers) from key employees and make sure people know how to reach each other if someone gets locked out, has a cybersecurity issue and needs to log off, or the organization’s network goes down.
- Establish Secure Backup Communication: Set up secure communications for senior personnel, such as a secure texting group (e.g., Signal), in case the company falls victim to an attack. Leadership must have an alternative way to communicate.
If we have learned anything from this, it’s the importance of having these protocols in place before something happens. With the coronavirus, most organizations did not have enough time to set up remote workers before everyone was sent home, leaving IT teams to scramble after the fact.
Security Awareness Training for End Users
As end users migrate to remote work, they must be aware of basic cybersecurity guidelines to protect themselves and the company network. Our security awareness training videos can help you educate end users. And here are some cybersecurity tips for remote workers from CompTIA and the Harvard Business Review:
- Watch Out for Scams: Be extremely vigilant about phishing e-mails – coronavirus scams are on the rise, so it is imperative that everyone be overly cautious about opening email attachments or clicking links.
- Practice Good Cyber Hygiene: Just like washing our hands, we need to use good cybersecurity hygiene to keep our devices and networks clean. This includes using anti-virus protection, regularly updating all devices, including laptops and Wi-Fi routers, not using unsecured Wi-Fi, not using Bluetooth in public locations, locking down your login with multifactor authentication, changing your password regularly and following your employer’s guidelines on internet and device usage.
- Report lost or stolen devices immediately: Remote work increases loss and theft potential.
CompTIA is here to help you secure your network and remote workforce. Check out our free resources for IT pros, the COVID-19 resource forum and our cybersecurity, computer networking and cloud computing online resource centers.
The CompTIA Cybersecurity Career Pathway
If you are looking to enhance your cybersecurity knowledge or validate your skills, the CompTIA Cybersecurity Career Pathway covers the skills needed to secure a remote workforce. It begins with the CompTIA Security+ certification, which is intended for IT pros such as cybersecurity professionals, network administrators and systems administrators who have at least two years of experience.
This cybersecurity certification covers how to harden network systems and configure secure remote software, such as a virtual private networks (VPN), to allow employees to work from home with end-to-end security.
VPN best practices include:
- Use a VPN when dealing with personally identifiable information (PII) or sensitive data.
- Purchase a VPN subscription for your employees so it hides the IP address and physical location of remote employees to further prevent cybercrime.
In summary, we must ensure our remote workers are secure now and in the future. Protection involves a team effort between employee and employer. We cannot allow cyber criminals and hackers to disrupt our IT systems and remote work migration. Please follow the best practices listed in this article to help protect your organization. Together we can make a difference.
Stay up to date on cybersecurity best practices with CompTIA’s IT Careers Newsletter. Subscribe today and get 10% off your next purchase.
Patrick Lane, M.Ed., Network+, MCSE, CISSP, directs cybersecurity workforce certifications for CompTIA, including Security+, PenTest+, CySA+, and CASP+. He assisted the U.S. National Cybersecurity Alliance (NCSA) to create the “Lock Down Your Login” campaign to promote multi-factor authentication nationwide. He has implemented a wide variety of IT projects as a network, security and server administrator, security analyst and architect. Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, born and raised on U.S. military bases, and has authored and co-authored multiple books, including Hack Proofing Linux: A Guide to Open Source Security.
Jen Blackwell also contributed to this article. She is a products marketing manager at CompTIA and oversees the certifications along the CompTIA Cybersecurity Career Pathway.