Managing Business Risk in the context of increased remote Tele-work

Home » Insights » Remote Tele-work & Cyber Safety

Remote Tele-work & Cyber Safety

As business leaders, our priority and paramount concern is the health and safety of our employees, staff, contractors, customers, clients, and community. The response to COVID-19 has affected many of us – family, friends, and business partners locally and around the world. When it came to virus detection, our major worry until recently has been cyber-related, and how it might affect our technology services. We now have a different virus challenge. 

The COVID-19 outbreak is an unstable dynamic situation and has the potential to be incredibly impactful and disruptive to our organizations – corporate, non-profits, and governments alike. As the majority of our work force transitions to working remotely, bad actors and cyber attackers have ramped up their malicious efforts to create and spread more fear, uncertainty and doubt (FUD), in addition to stealing your information and company data.

Attacks  And Scams

Right now hackers and bad actors are targeting a variety of our essential services for living and working including:

  • Banks, Credits Cards, Gift Cards and most sources of Money,
  • Grocery Stores, Restaurants, and Food Delivery Services,
  • Doctors, Hospitals and Pharmacists (Medicines),
  • Online Movie Services, Podcasts and other Entertainment,
  • Pandemic Information Updates and Government Websites, and more!

They want your credentials, login IDs and credit card numbers to steal your personal information, money and company data. They are doing this using easily available tools – social media platforms, devices, apps, texting, instant messaging, emails – and anything else that can get a malicious link to you.

Cyber attackers do this through:

  • fake emails – phishing scams,
  • fake voice mails – vishing,
  • fake ads and coupons, 
  • fake websites and landing pages, 
  • fake direct SMS texts to your phone, 
  • fake videos and images on social media, 
  • fake PDFs and documents,
  • fake authority communications.

The bad actors offer:

  • fake COVID-19 and pandemic info,
  • fake financial aid and loans,
  • fake grocery and food delivery sites,
  • fake medicines and pharmacists,
  • fake online doctors and medical tests,
  • fake bank sites, fake credit card sites,
  • fake movie and entertainment,
  • fake unemployment sites,
  • fake government sites,

When you use these services, it is best to type in the URL (website address) manually instead of following a click-through search, ad or delivered link. The malicious URLs are propagated using a variety of means including domain names only one character off, through embedded attachments, or even landing on a web page.

Eight (8) DO’s and DON’T’s

  1. Use Secure VPN. Always use your secure VPN on your devices. This ensures you have a secure encrypted communication ‘tunnel’ while working. Bad actors can monitor your traffic. Public wi-fi hotspots should be avoided. 
  2. Don’t Mix Devices. Conduct business on corporate devices to ensure cybersecurity hygiene for your corporate and client data. 
  3. Regular Sign On. Ensure you log onto your corporate network regularly to get the most recent updates. With the evolving cyber threats, new attacks are coming out daily.
  4. Use Multi-factor Authentication (MFA). Enable and use you’re a multi-factor authentication credentials. MFA adds an essential layer of protection for your credentials.
  5. Don’t Share Passwords. Even at home, don’t share your passwords. In addition, please don’t write down credentials and passwords on paper, sticky pads or other mediums where they can be seen or retrieved.
  6. Don’t Click Through. If it seems suspicious, don’t click through. Type in the URL or web address manually. Report it to your IT support if possible. Do NOT forward or send the malicious content.
  7. Verify If In Doubt. If you have a request from your supervisor, co-worker or subordinate for information or money that appears suspicious – STOP. Pick up the phone or use other safe means to verify the request. Business Email Compromise (BEC) is fast on the rise.
  8. Avoid New Apps. Hackers and scammers have flooded app stores with mobile apps (and websites) faking a variety of our essential services – banking, food delivery, government, entertainment. Be careful, be mindful.

Actionable Take-Aways During the Covid-19 Outbreak Leading Through This Crisis

  1. Clear and Frequent Communication:
    Lack of data creates a vacuum leading to ill-informed decisions, and unease throughout your organization. Ensure you and your peers communicate clearly and frequently with messaging that provides directed guidance and actionable take-aways.
  2. A Single Source of Truth:
    Avoid multiple sources and channels of information. Create a single portal that works for your organization – an app, a website, a hotline. Leverage existing data and risk assessments to support better decision making, enable transparency and communicate progress efficiently and effectively with employees, staff, and others.
  3. Provide Collaboration Tools:
    Whether you have established remote working capabilities or not, you need to provide secure solutions for your organization. Determine how your organization works and provide the necessary platforms identifying critical use cases. This includes general communications and secure access to instant messaging, file sharing, enterprise applications, and other systems of engagement.
  4. Cybersecurity Safety:
    Cyber aggressors are taking advantage of this global crisis by sending malicious emails and perpetrating other scams.