With an increasing number of employees working from home, practicing cyber hygiene has become as important as practicing physical hygiene. Staying safe during the pandemic is essential, as is keeping safe the company’s networks and all enterprise assets.
What is Cyber Hygiene and Why Does It Matter?
Cyber hygiene refers to the best practices necessary to maintain the health of computer systems and improve cybersecurity. Businesses of all types and sizes should engage in cyber hygiene to ensure the proper maintenance and security of their systems and data.
Organizations practicing effective cyber hygiene typically engage in a set of regular routines that often include:
- Keeping an accurate inventory of software and hardware on the corporate network
- Upgrading older systems and infrastructure on a regular and as-needed basis
- Regularly backing up valuable data
- Limiting privileges to a select number of users
- Establishing a process that end users must employ to install new hardware
- Patching all applications regularly
- Identifying and disabling vulnerable applications
- Educating users on the value of proper security procedures – including the creation of strong passwords
Cyber hygiene is about doing the right things every day to guard against wear and tear, technological obsolescence, and security threats. By addressing vulnerabilities before they become problems, all IT resources are kept in secure running conditions.
Why Cyber Hygiene is Essential During the COVID-19 Crisis
The ongoing coronavirus pandemic puts additional stress on all IT resources and provides new target opportunities for potential attackers. Unfortunately for corporate IT staff, remote employees are focused on their family’s health, not on cyber hygiene – even as security threats spread faster than the coronavirus itself.
Remote Access Risks
Security can be compromised when employees work from home and access company assets remotely. As many employees have been forced to become remote workers, cyber hygiene for those workers, in the form of increased vigilance, becomes critical.
The use of personal devices to access the corporate network brings an increased security risk. These personal devices are typically less secure than work-issued devices, and thus bring the threat of compromised credentials, malware, and more. For this reason, remote workers need to practice cyber hygiene on all devices they use to access the company’s server. This includes but is not limited to employing stronger passwords and anti-malware protection.
Additionally, most remote workers access their corporate resources via home wireless networks. Home networks are often configured with minimal or no wireless security, making it possible for hackers to break into them. Cybercriminals can use this route to piggyback into the corporate network and access otherwise protected assets. Because of this, many companies are requiring users to access their networks via secure VPNs.
Social Engineering Risks
Employees working from home are also at greater risk of social engineering attacks, especially phishing schemes. This risk is even higher during this crisis thanks to the rapidly increasing number of coronavirus-themed phishing campaigns.
Any national or global emergency creates fertile ground for opportunistic fraudsters. People are eager for new information about the crisis and are apt to click on more coronavirus-related links than they might normally. It is difficult, even in the best of times, to tell the difference between legitimate links and fraudulent ones. In the current crisis, it’s easy for anyone to click on a link that promises some new development.
Experts have noticed a surge in cybercriminal activity due to bad actors exploiting the public’s rising fear and uncertainty. Besides the increase in phishing schemes spread via email, social media, and instant messaging, there has been an increase of “clickbait”-type stories and advertisements designed to infect devices with spyware and other malware when users go to the linked sites.
One sign of this is the recent surge in the registration of coronavirus-related domains. There have been more than 4,000 registrations for domains related to the coronavirus since the beginning of the crisis. Moreover, analysts believe these domains will be more prone to malicious activities (by up to 50%) than others registered within the same period.
Malware is also being spread via attachments to emails with subject lines like “coronavirus cure.” Curious recipients click on the attached file and install the malware on their systems. Remote workers should be encouraged not to click on unexpected attachments and report suspicious emails to IT staff.
Video Conferencing Risks
Employees working from home are increasingly using video conferencing platforms such as Zoom and Microsoft Teams to stay connected with their co-workers. Unfortunately, cyber hygiene can be compromised when these solutions are not totally secure.
With these video conferencing options, it is possible for unauthorized users to surreptitiously join the conference and overhear confidential information. It’s also possible for malicious users to access employees’ desktops or infect them with malware files.
AWS Wickr: The Secure Communications Platform
AWS Wickr is a fully encrypted, enterprise-ready communications platform designed for companies with employees working from home. It’s easy to set up and easier to use for both in-office and remote workers. AWS Wickr offers texting plus voice and video calling facilities, voice and video conferencing, and file and screen sharing – all protected by end-to-end encryption. It’s the ideal communications platform for enterprises during the coronavirus crisis – and after.