Governments, businesses and other organisations in the Middle East are increasingly
encouraging home working in a bid to slow the spread of COVID-19/coronavirus. While the measure is undoubtedly effective in flattening the curve of coronavirus infections, there are cyber risks to consider in relation to this change. Kaspersky experts have shared their
concerns and advice on the process of moving companies to remote working.
Transferring employees to work outside the office is a process that is usually treated with
thorough preparation, because once corporate devices are taken outside a company’s network infrastructure and connected to new networks and Wi-Fi, the risks to corporate information increase. During an emergency switch of large numbers of people from office work to
home-based work, such preparation should perhaps be at the center of attention.
“Many companies have already adopted a practice of regularly allowing their employees to
work at home. The results have been quite positive, and a home-based employee does not pose any risks if the approach to their cybersecurity is comprehensive. There are two major risks to corporate networks related to the home office: employees’ usage of
unprotected devices when connecting to the corporate network, and connection via
insecure Wi-Fi and 4G/5G networks, especially for those who work from personal devices,”
says Maher Yamout, a security researcher at Kaspersky.
The experts noted that the best practice would be to use a corporate device instead of a personal one. They add that the biggest mistake companies could make is to consider an employee device insignificant and ignore the fact that it might be the entry point of a
cyberattack. “A year ago, we assessed the cases of cyber incidents and found that a
third of them started from employees’ devices. In 34% of cases, it was either a download of
a malicious file from an e-mail or a malicious website. So the more potentially
contaminated or unprotected machines are connected to the company’s infrastructure, the larger the risks of infection. A vast majority of threats we see are not targeted, but come
from mass campaigns that rely on human errors or holes in un-updated software, which
means that they are not unpredictable and can surely be prevented.”
The researcher recommends that employers take basic precautions to minimize
security risks:
• Provide a VPN for all staff to connect securely to the corporate network; ideally, tunnel all network traffic through it
• All corporate devices – including mobiles and laptops – should be protected with appropriate security software, including on mobile devices (e.g. allowing data to be wiped from devices that are reported lost or stolen, segregating personal and work data, and restricting which apps can be installed)
• Make sure you have implemented the latest updates to operating systems and apps
• Restrict the access rights of people connecting to the corporate network based on the need-to-know and least privilege principles
• Remind coworkers about basic cybersecurity rules: do not follow links in emails from strangers or unknown sources, use strong passwords, etc. Ensure that staff are aware of the dangers of responding to unsolicited messages. It is also essential to agree on rules of work: whether all questions are asked in protected chats and whether conference calls are made via secured channels