https://arab.news/w6nja
- Phishing attacks and compromised WiFi among risks
RIYADH: Working from home has boomed during the coronavirus outbreak, but a new survey said that 73 percent of employees had not received cybersecurity guidance for remote working.
Phishing emails related to COVID-19, increased spam, connecting to compromised WiFi spots and the use of shadow IT by employees were some of the threats and risks of homeworking identified by the survey, which interviewed 6,000 people around the world. Accidentally downloading malicious content from an email could lead to devices being infected and business data being compromised.
“To avoid such risks, it is important for organizations to educate staff about cybersecurity,” said the survey from global cybersecurity firm Kaspersky. The survey added that, while employees took on the massive shift of working from home, it was important for businesses to ensure staff could work as they usually would.
Andrey Dankevich, a senior product marketing manager at Kaspersky, said: “It is hard to keep things ‘business as usual’ when everything needs to change so dramatically. While employees are trying to get along with the new reality of working from home, IT and cybersecurity teams are under pressure to enable them to continue working safely. Cyber-incidents can only add difficulties to this challenge, so it is important to remain vigilant and make sure remote working is also secure working.”
In order to promote secure remote working Kaspersky recommended that employees know who to contact when facing a security issue, employers should pay special attention to employees who had to work from personal devices and provide them with dedicated policy and security recommendations, schedule basic security awareness training online, and cover essential practices such as switching on password protection, encrypting work devices and ensuring data was backed up.
“The need for teleworking is proliferating amid COVID-19, and getting momentum with the exponential escalation of infected cases and mortalities around the world,” Muhammad Khurram Khan, a cybersecurity professor at King Saud University in Riyadh, told Arab News.
HIGHLIGHTS
• Phishing attacks and compromised Wi-Fi are among the risks.
• Good cyber hygiene including strong passwords and backing up data recommended.
• Accidentally downloading malicious content from an email could lead to devices being infected and business data being compromised.
Home networks were often less secure than internal networks of organizations and could put employees at greater risk of cyberattacks, with the majority of people never being trained to work remotely in a secure manner during an unexpected situation, added Khan, who is also the founder and CEO of the Global Foundation for Cyber Studies & Research in Washington D.C.
Most organizations which were now forced to work remotely due to COVID-19 were harboring unprecedented cybersecurity threats from malicious actors, he said. Business organizations were more focused on improving the technology and processes while overlooking the human aspect, which was considered to be the weakest link in the security chain.
Statistics showed that an alarming percentage of data breaches occurred as a result of human error and the negligence of basic cybersecurity practices and awareness, he said, so cybersecurity should be considered a critical business issue. An effective cybersecurity awareness program and guidelines specifically designed for teleworking could help reduce the risk of cyber threats aimed at exploiting the human element.
Khan suggested that organizations train and educate their employees about good cyber hygiene practices such as keeping all software up to date, installing a home firewall and antivirus software, using secure Wi-Fi, choosing strong passwords, enabling multi-factor authentication, backing up data regularly, being wary of COVID-19 scams, reporting any suspicious incidents, and being vigilant of all unsolicited emails and attachments, which could contain malicious software or could be used for phishing scams.