Key takeaways: In the face of the COVID-19 pandemic, cyber criminals may focus their attention on telecommuting workers. Practice heightened cybersecurity diligence.
- Require strong passwords
- Implement a multi-factor authentication on all VPN connections
- Update VPNs and network infrastructure devices
- Be alert to phishing attempts
Continue reading for additional tips and recommendations to enhance your organization's cybersecurity awareness.
As organizations implement their business continuity plans and adhere to recommendations to promote work from home capabilities in the face of the novel coronavirus, or COVID-19, pandemic, there is an increased use of virtual meeting, collaboration and communication methods.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) expects cyber criminals to focus their attention on telecommuting workers. Prepare your employees to check current infrastructure for needed updates and practice heightened cybersecurity diligence to secure against attacks.
VPNs
A virtual private network (VPN) provides secure remote access to a company’s network. CISA recommends requiring strong passwords and implementing a multi-factor authentication (MFA) on all VPN connections to increase security. They suggest that companies without MFA for their remote work force could be more susceptible to phishing attacks.
CISA recommends updating VPNs, network infrastructure devices and devices being used to remote into work environments with the latest software patches and security configurations. See more recommendations from CISA and share them with your team.
Phishing
Remind employees that phishing is when criminals use email to trick users into giving them personal or business information they are otherwise not authorized to access. They could attempt to obtain passwords, accounts or Social Security numbers, which could then allow access to email, bank or other accounts.
According to the United States Secret Service, cyber criminals are exploiting the pandemic through email phishing attempts posing as employers and legitimate medical or health organizations, such as the Centers for Disease Control and Prevention and the World Health Organization.
Share tips with your team to keep them on alert:
- Never click an email link or open an attachment if you are uncertain about it.
- Never give out personal information, including usernames, passwords and payment information. If in doubt, delete the email or hang up the phone.
- If you want to donate to an organization, visit the charity’s official website directly.
- Remember, these criminals are relying on your concern, kindness and curiosity.
See more tips from the Federal Trade Commission.
Let ISN Help
If you work for a contractor, inquire with your supervisor about the actions your company is taking to secure your personnel data and information of your Hiring Clients.
If you are a Hiring Client, ask your ISN account representative for information about how you could implement ISNetworld cybersecurity tools.
Are you a Hiring Client and interested to learn how ISN could help you manage your contractors and assess your cybersecurity exposure? Request a demo of our contractor management system, ISNetworld.