Are the company's systems/information protected under the employee’s home office environments?

When the COVID-19 crisis suddenly turned us into a confining economy, many were able to keep their jobs thanks to telecommuting. Above security, the priority was to maintain production, and that widened the door to cybercrime, which has been multiplying more and more lately. We are increasingly digitized but less protected.

The number of cyber-attacks increased 40% globally, according to data from IBM, the most difficult thing is that the world does not have enough professional experts on the subject. By 2022, an estimated 1.8 million cybersecurity-related jobs will be vacant worldwide. These numbers are explained by the increasing digitization of society: "An increasing part of our lives is online: bank accounts, savings, private data, political opinions ... Everything that can be used to manipulate or harm you, is in the cloud, and if it is not properly protected, you are in the hands of the attacker”, says Fernando Rodríguez, co-founder and Chief Learning Officer of the KeepCoding Programming and Technology Training Center.

Companies had to organize remote access to their emergency systems for teleworking and that made them vulnerable. This implies a delicate balance between the need to avoid the serious financial damage of inactivity and the risks of data hijacking (known as ransomware), as well as other leaks of sensitive information.

What do organizations do so that workers are not violated beyond the technical measures implemented by companies?

It is necessary to train employees in cybersecurity, to cover their webcam in order to avoid possible remote accesses and activate the double factor of authentication in all the platforms on which it is available, as well as think before publishing photos, videos, comments, and other publications.

Computer bandits are benefiting from the desperation of the population for the pandemic to achieve their goals. To do this they are creating malicious apps, fake websites, and campaigns via email, text messages, and WhatsApp. Consequently, it becomes essential to create spaces to develop digital education and awareness campaigns.

The reasoning is simple: cybercrime exists because there is more and more to steal, it has more and more value, and there is a high probability of going unpunished: “It is a very profitable crime and for which rarely does anyone ever end up in jail. It is done from country to country and it is very difficult to pursue”, explains Santiago Moral, director of the DCNC Sciences Institute of the Rey Juan Carlos University (URJC), in Madrid.

Who are the victims of cybercrime?

SMEs and private users. Because teleworking is a new modality for many of them, cybercriminals take advantage of exploiting vulnerabilities and attacking the systems of organizations that were not or are not sufficiently prepared to put in place an effective security system.

The biggest threats depend on the target. For SMEs, it is about their continuity. There are tremendous volumes of ransomware, as we mentioned earlier, malicious programs that restrict access to certain parts of a computer system, demanding a ransom for their release, this way if your organization is hijacked, it cannot operate. Cyber ​​risks increase the home office. Devices that do not have the necessary protection could cause data loss, privacy violations. Proactive measures can improve the user experience and their security when working under this scheme.

So, in the midst of the emergency, companies that currently have employees working from home, need to suggest that they take the following steps:

• Install a trusted security solution on all devices that handle corporate data. If your budget is tight, install a free antivirus, as even this will significantly reduce the risk of getting infected and having problems with the company.

• Update the software, since, in the latest versions of the programs, vulnerabilities are fixed with patches. So it is important that you update everything you have installed on any device you use for work.

• It is useless to protect your computer if the attacker connects to your wifi or if it infiltrates your router, make sure that the connection is encrypted. The one that suits you best is WPA2.

• Now change the login credentials and password to access the router settings, if you have not done so before. The default passwords for some router models are not only very weak, but they are also available on the Internet and easy to find.

• Surely your company has contracted a series of computer services for employees to use, such as Microsoft Office 365; a messaging platform like Slack or HipChat, or at least a corporate email service. Therefore, it uses corporate resources for the exchange of documents and other information.

• If someone urgently needs an important document or demands the immediate payment of an invoice, check that they are who they say they are. Don't be afraid to call the other parties involved to clarify or confirm this order once again with your boss. Especially suspicious of email messages with links.

• One of the measures may also be to adopt the AWS WorkSpaces service, this is a secure and managed desktop as a service (DaaS) solution. With Amazon WorkSpaces, your users get the desktop of their choice, fast and responsive, which they can access from anywhere, anytime, and from any compatible device. You can pay for the WorkSpaces you implement per month or per hour, saving you money compared to traditional desktops and local VDI solutions.

Finally, people must understand that even if they are outside the office, the device from which they work is a door to the entire organization, so they must guarantee proper use. With a large number of professionals working from home, connecting to the Internet from a home network, probably poorly protected, and with outdated software, each of those employees is a potential target.

If you have a small or medium business and feel that your information and that of your clients is at risk, do not hesitate to contact us. We can help you solve security problems and provide you with cloud services that will promote the growth and support of your company. We have a free assessment and we are experts in protecting information and ensuring that your business has the necessary tools so that you can offer products and services in complete safety.