A massive phishing attack looming over India could impersonate government organisations and steal sensitive personal data and financial information. The advisory claims that the phishing attack, conducted by "malicious actors", will be carried out in the guise of a Covid-19-related directive and is expected to begin on 21 June. These cyber-attacks will target both individuals and business organisations, from small to large.
In such a scenario, organisations and individuals should step up their cybersecurity policies and tools. Paul Ducklin, Principal Research Scientist at Sophos, shares five tips for individuals and businesses for secure remote working:
1. Make sure it’s easy for employees to get started
Many Self-Service Portals (SSPs) allow users to choose between different levels of access, so they can safely connect up either a personal device (albeit with less access to fewer company systems than they’d get with a dedicated device), or a device that will be used only for company work. The three key things users want to be able to set up easily and correctly are: encryption, protection and patching.
Encryption means making sure that full-device encryption is turned on and activated, which protects any data on the device if it gets stolen;
Protection means that users start off with known security software, such as anti-virus, configured in the way they want; and
Patching means making sure that the user gets as many security updates as possible automatically, so they don’t get forgotten.
2. Make sure employees can do what they need
If employees genuinely can’t do their job without access to server X or to system Y, then there’s no point in sending them off to work from home without access to X and Y. Make sure you have got your chosen remote access solution working reliably first – force it on yourself! – before expecting users to adopt it.
3. Make sure you can see what employees are doing
Don’t just leave employees to their own devices (literally or figuratively). If you have set up automatic updating for them, make sure you also have a way to check that it’s working, and be prepared to spend time online helping them fix things if they go wrong. If their security software produces warnings that you know they will have seen, make sure you review those warnings too, and let them know what the warnings mean and what you expect them to do about any issues that may arise.
4. Make sure employees have somewhere to report security issues
If you haven’t already, set up an easily remembered email address where users can report security issues quickly and easily. Remember that a lot of cyberattacks succeed because cybercriminals try over and over again until one user makes an innocent mistake – so if the first person to see a new threat has somewhere to report it where they know they won’t be judged or criticised (or, worse still, ignored), they’ll end up helping everyone else.
5. Make sure you know about “shadow IT” solutions
Shadow IT is where non-IT staff find their own ways of solving technical problems, for convenience or speed. If you have a bunch of colleagues who are used to working together in the office, but who end up flung apart and unable to meet up, it’s quite likely that they might come up with their own ways of collaborating online – using tools they’ve never tried before.
The first risk everyone thinks about in cases like this is, “What if they make a security blunder or leak data they shouldn’t?” But there’s another problem that lots of companies forget about, namely: what if, instead of being a security disaster, it’s a conspicuous success? A temporary solution put in place to deal with a public health issue might turn into a vibrant and important part of the company’s online presence.
Here are a few tips for individuals for secure remote working:
1. Don’t open documents or spreadsheets attached to unsolicited emails
Even if they promise news you are interested in, any information in the attachment will almost certainly be available from a more direct source, via a link of your own choosing. If you are genuinely interested to know the official Johns Hopkins coronavirus figures, find your own way to the real site. That will not only avoid malware or phishing attacks but also protect you from manipulated data and fake news.
2. Don’t enable macros in Office files on the say-so of an email
“Enable macros” sounds innocent, and crooks often tell you that you have to do it in order for Word or Excel to display the file properly. Don’t do it! “Macro” is a jargon word that really means “an embedded program that can do almost anything, including downloading malware, installing new software and stealing files”.
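For whoever staffs the security reporting mailbox, a reported Office attachment can be checked for an embedded macro project without opening it in Word or Excel. The sketch below is an added example, not code from Sophos or from this article; the function names and sample filenames are made up for illustration, and the sample files are constructed in memory.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc/.xls/.ppt files
MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".dotm", ".xltm")

def macro_indicators(filename: str, data: bytes) -> list[str]:
    """Return reasons an Office attachment may carry macros (empty list = none found)."""
    reasons = []
    if filename.lower().endswith(MACRO_EXTS):
        reasons.append("macro-enabled extension")
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can embed VBA; ruling it out needs a full OLE parser.
        reasons.append("legacy OLE file, macros cannot be ruled out")
        return reasons
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # The VBA project is a vbaProject.bin part, whatever the file is named.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                reasons.append("contains vbaProject.bin")
            if "[Content_Types].xml" in names:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if "macroenabled" in ctypes.lower():
                    reasons.append("macro-enabled content type")
    except zipfile.BadZipFile:
        pass  # not a modern Office (zip) package; nothing further to inspect here
    return reasons

def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal Office-like zip in memory (sample data, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    # A macro-carrying file renamed to .docx is still flagged by its contents.
    print(macro_indicators("covid-directive.docx", build_sample(True)))
    print(macro_indicators("report.docx", build_sample(False)))
```

An empty result only means none of these markers were found; it does not prove a file is safe.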



