In the last couple of weeks, the world has changed in unprecedented ways. Owing to the coronavirus pandemic, companies across the country have resorted to remote working while advocating work from home policies to ensure business continuity. In the process, organisations have been rushing to embrace technology to allow collaboration and ensure productivity with various tools for video conferencing, chat applications, tech support and so on. Clearly, we are in living in hyper-connectivity.
The main focus among employees now is managing their tasks and responsibilities – both at home and at their remote workplace; and while technology has enabled much of it, the current scenario may lead to a wavering attention towards ensuring cybersecurity, greatly affecting each organisation’s security profile. In this scenario, CISOs (chief information security officers) and admins must urgently look at new scenarios and models to address new threat vectors, as their places of work transform into distributed organisations overnight.
Here are five best practices for organisations and employees to follow:
> Team up and manage logins: Employees are chatting and sharing more than usual during this time, even if there isn’t an official tool provided by IT. That’s why it is recommended for all employers to take advantage of the six months of free premium Microsoft Teams which now has no limit on how many users can join or schedule video calls using the “freemium” version. That way, employees know which channels to use, and CISOs can better manage them securely.
> Sensitise employees about phishing attempts: Remote workers have access to propriety data and information and your network. Warn employees to expect more phishing attempts, including targeted spear phishing aimed at high profile credentials. Be clear on what official communications about business continuity and health and safety should look like and from where they should originate. Have employees watch out for urgent requests that violate company policy, use emotive language and have details that are slightly wrong—and provide guidance on where to report those suspicious messages.
> Establish a clear communications policy: Establishing a clear communications policy helps employees recognise official messages. For example, video is harder to spoof than email: using an official channel like Microsoft Stream can ensure employees are able to distinguish legitimate communications from phishing, while helping people to feel more connected; and on-demand streaming also helps employees juggling personal responsibilities, like school closures or travel schedule changes.
> Warn about dubious links: 91% of cyberattacks start with an email, which can lead to malicious links directly. Warn employees not to click on links if they suspect an email to be a scam. One method of testing the legitimacy of a link is to rest your mouse—but not click—over the link to see if the address matches what was typed in the message.
> Suspicious attachments: Likewise, do not open attachments in emails that are from strangers, or an email from someone you do know but with an attachment you weren’t expecting. It may be a phishing attempt, so we recommend you do not open any attachments until you have verified their authenticity. Attackers use multiple techniques to try and trick recipients into trusting that an attached file is legitimate.
Mary Jo Schrade is Assistant General Counsel, Regional Lead, Microsoft Digital Crimes Unit Asia.
Views expressed are personal.