Amid the COVID-19 (coronavirus) outbreak, a significant number of companies in Romania have already decided to allow employees to work from home in order to ensure their safety while safeguarding business continuity. Most employees continue their work using devices provided by their employers; however, some are using their personal devices simply because the necessary infrastructure is not in place at company level. This situation, together with how suddenly companies had to take these preventive measures, has already been exploited by hackers. Therefore, ensuring information security is the second most important thing that companies need to take care of, right after ensuring the safety of their staff.
Cybersecurity experts have already detected several phishing attacks and malware infections through which cybercriminals are trying to exploit system vulnerabilities and people’s fears about the pandemic. These cyberattacks and attempts to steal information are possible primarily because, in the majority of cases, the internet environment at home is well below the cybersecurity standards that are in place at companies. Additionally, IT system administrators have to resort to implementing provisional solutions for a large number of users, without prior testing and without a complete risk mitigation plan.
“The necessity for mobility and remote access extends the transit and storage of information outside the infrastructure of the company or institution. The security risk is even greater if a company device is not used to remotely connect. Typically, companies’ equipment and devices are updated at least with a minimum level of security such as upgraded operating and antimalware systems, encrypted hard disk, automatic screen lock and so on, but these security controls become difficult to perform when working at a distance, putting the company’s data at risk. In the event that people access services or files from a laptop or PC infected with malware, the situation can lead to a scenario in which malware steals or alters the data and even reaches the network of the company or institution, which would mean financial and image losses,” said Victor Gansac, CEO at Safetech Innovations, a Romanian cybersecurity company.
In order to ensure the safety of the information amid the crisis, the company management as well as IT system administration should ensure the following:
- Remote working policy. The policy should specify:
  - the specific tools and programs that should be used when working remotely;
  - the prohibited actions, such as the transmission of documents through messaging applications such as Facebook, Messenger, WhatsApp or uploading them onto public sites for transfers;
  - the type of information or IT services that can be accessed or stored on working devices and the minimum procedural security controls;
  - the procedure for making the connection with the company systems or reporting an incident.
- Use of additional security measures. If the company cannot provide equipment for employees to use at home, it is necessary to add security solutions that separate the work environment on the employee’s personal device from personal data and from personal use of the equipment.
- Educating users and raising awareness about risks. Users should be supported to take care and operate safely, following clear procedures. This should include guidance on, at a minimum, securely storing and managing access credentials, separating the business environment from the private one, and reporting incidents.
- Data protection at rest. Limiting the information stored on a mobile device to the minimum necessary to perform the business activity that is delivered outside the office environment.
- Data protection in transit. Using secure VPN connections whenever you work remotely, as well as multi-factor authentication to connect to application services.
- Defining an incident management plan. Working from a distance entails significant risks and there is the possibility of security incidents occurring even when users follow security procedures.
The best way to control the situation in real time is continuous monitoring by a Computer Emergency Response Team, within a CERT / CSIRT (Cyber Security Incident Response Center), which allows real-time detection of attacks and abnormal behaviors that may arise from hackers trying to reach a company’s information. The activity of a CERT allows continuous monitoring of all remote connections and accessed systems and thus ensures full security of information.