How to boost cybersecurity during Covid-19 pandemic
Technology consultancy CGI has offered some quick tips for ensuring cybersecurity in the Covid-19-impacted work environment.
Covid-19 is being exploited by scammers and hackers, as they prey on fear and uncertainty, as well as a flood of people switching to remote work – and potentially outside company networks.
CGI notes that many employees are using texts and collaboration platforms as companies struggle with virtual private network (VPN) licensing issues or bandwidth problems. This opens up the security risk burden of those “outside the firewall,” making it more difficult for cyber leaders to prevent DDOS attacks and data leakage.
CGI says it has noticed a sharp uptick in cyber threats such as phishing scams, malware, and ransomware since the pandemic crisis dawned.
With many companies having employees “outside the firewall,” cyber leaders should factor in certain security measures, the consultancy says.
They should first increase employee awareness around malware and phishing scams. Employees should be aware of red flags, such as unsolicited emails from authoritative agencies or emails stressing urgency and a request of personal details. Other warning signs are odd or unfamiliar greetings (“Dear Sir/Madam”), odd email addresses, and spelling and grammar errors/awkward phrasing. Employees should also be wary of attachments and embedded links.
Leaders should also work on data leakage prevention, including rules on communicating via unlicensed chat and collaboration platforms. They should ensure where possible that employees use a laptop issued by work and an approved secure remote access connection to connect to work. Endpoints should also be updated, including all software and security updates and patches. Anti-malware and endpoint firewalls should also be up-to-date and enabled.
Users should also not browse the web for personal reasons during a remote access connection, and should avoid using public Wi-Fi.
CGI recommends that cyber leaders also ensure that DDoS protection is working as intended, and should potentially look into 24/7 incident response – at least for the coming weeks.