By Mary Jo Schrade
While millions of people around the world are now working remotely due to the lockdown, are they sure they are doing so safely and securely? It’s an essential business question to ask at the best times. But it is even more so nowadays. These days, our inboxes, mobile alerts and news updates are all about Covid-19, all the time. It’s overwhelming and attackers know it. Therefore, we are seeing an increase in the success of phishing and social engineering attacks.
Microsoft’s intelligence shows that these attacks are settling into a rhythm that is the normal ebb and flow of the threat environment, where every country in the world has seen at least one Covid-19 themed attack. Attackers are pivoting their existing infrastructure for the distribution of ransomware, phishing emails, and other malware, leveraging COVID-19 keywords that get us to click on links or open emails. Once we click, they can infiltrate our inboxes, steal our credentials, share malicious links with our coworkers, and lie in wait to steal the information that will give them the biggest payout.
Here’s what you need to look for to strike a balance between enabling remote working while ensuring cybersecurity:
Safety and privacy are integral to online collaboration
As we enable work and school remotely, the ability to manage who participates in meetings, who can present and who has access to meeting information has never been more critical. Look for a solution that empowers the organisers to use controls to decide who from outside your organisation can join your meetings directly, and who has to wait in the “lobby” to be let in. For further control, the meeting organiser should be able to designate “presenters” and “attendees”.
Equally important is the ability to moderate and control who is and isn’t allowed to post and share content as well as to monitor chats. When recording a meeting, participants should be notified before recording has started and the recordings should be stored in an encrypted repository, available only to those on the call or directly invited to the meeting.
Access is everything
In the case of collaboration tools, having multi-factor authentication feature (MFA) turned on by the IT administrator provides an additional layer of security. Given that cybercriminals are looking for ways to exploit vulnerabilities and leverage the weakest links, protecting usernames and passwords and requiring users to provide a second form of verification to prove their identity can help organisations to strengthen their security perimeter.
Safeguarding personal data
Ensure that collaboration tools offered to employees are designed for enterprise-grade deployment. They should incorporate industry standard technologies such as Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP) to encrypt all data between devices and the cloud. They should also have safety measures for data loss prevention and sensitivity labels to restrict and regulate who can access sensitive information.
Privacy by design
Ground rules for deciding on selecting the right collaboration tool:
n It should not track user data to serve ads.
n It should delete all data after the termination or expiration of the subscription.
n It should give the ownership of customer data to the customer.
The future normal, now
It’s very clear that enabling remote work is more important than ever, and that it will continue to have lasting value beyond the Covid-19 outbreak. As organisations embrace this evolution, keeping a very close eye on the security and privacy of data will enable them to work effectively and with peace of mind.
The writer is assistant general counsel, regional lead, Microsoft Digital Crimes Unit Asia