What do you do at times like these, when a pandemic is wreaking havoc on the work environment practices? Many companies, including tech giants like Microsoft, Alphabet, Facebook, and Apple, have begun urging employees to work from home. However, when employees are working remotely at times of crisis, it’s much harder to institute sound network-based authentication practices.
Not only network telemetry checks become problematic, but there’s also a dramatic increase in phishing and other breach attempts as cybercriminals are increasingly seeking to profit off the coronavirus panic, filling the information void to trick people and steal their data.
How do you protect your organization from such attacks? Here are some basic tips you may use to ensure a productive workflow without compromising security:
1. Recognize and avoid phishing scams
Over two-thirds of employees who fall victim to cybersecurity attacks fall to phishing emails. Most often, these types of breaches happen when a company employee clicks on a link within an email that leads him to a fake website controlled by the attacker.
During a crisis like this, cyber-criminals are on the lookout for new phishing opportunities, knowing full well that people are rattled by the panic and are likely to open emails or click on sites that are promising relevant information. Here are some useful articles about newly designated coronavirus phishing scams:
- Coronavirus Scam Alert: Watch Out For These Risky COVID-19 Websites And Emails
- Coronavirus Scam Alert: Watch Out For These Risky COVID-19 Websites And Emails
- Hackers Posing as CDC, WHO Using Coronavirus in Phishing Attacks
There are multiple steps a company can take to protect against such attacks. First of all, it is necessary to educate your employees about phishing tactics and encourage them not to open suspicious emails. Let’s consider some of the main additional recommendations briefly:
- Set email filters to protect against spam
- Hover over the link attachment to check SSL credentials (secure sites use SSL encryption, meaning that their addresses begin with HTTPS instead of HTTP.)
- Adjust the browser settings to prevent malicious link attachments
2. Use enforced MFA wherever possible
Multi-Factor Authentication is a combination of authentication factors that provide additional protection for your accounts. If you’re a business that interacts with other companies online regularly, MFA can protect the most sensitive data, such as financial and personal information, and massively reduce the chance of it leaking into unwanted hands. Multifactor authentication encompasses a wide range of authentication technologies, such as biometrics, smartphone apps/codes received via text messages, or wireless security tokens, which will provide an additional layer of security.
The services that offer and recommend different types of MFA are Apple (iCloud and other services), Google (Gmail and other services), Microsoft Office 365, Yahoo!, PayPal, Dropbox, Facebook, Twitter, Instagram, LinkedIn, Snapchat, Tumblr, etc. All you need is to adjust the necessary account settings.
3. Enforce your employees to use strong passwords
People are not very creative when it comes to generating passwords; they commonly use their date of birth, address, phone number, social security, car’s registration number, mother and father’s name, etc. According to NIST recommendations, IT systems should allow a minimum of 8 characters and a maximum of 64 characters and include all kinds of characters, including lowercase and uppercase letters, numbers, punctuation, and spaces. Such types of passwords are more difficult to decipher from a cryptographic standpoint. However, the National Institute of Standards and Technology recommended dropping complex passwords and using multifactor authentication (MFA) instead.
If you’re looking for more protection for your company, you can use a multifunctional security device such as Hideez Security Key, which can help cope with all the above tasks efficiently and with no extra efforts. It represents a good solution as it’s an administrator controlled password and security key device, with built-in phishing protection via the resource/password vault.
Hideez can act as 2nd-factor authentication for company employees and keep about 1,000 accounts per device. A couple of simple customizations and that's it! All of the workers` credentials are safe and sound, and authentication works in the background.
To learn more about the device – check out Hideez Key features & specifications or schedule a free demo:
