Cyber hygiene during COVID-19
For Australians being instructed to work from home amid the COVID-19 outbreak, doing jobs remotely can be a major adjustment. For hackers, it can be an opportunity.
For Australians being instructed to work from home amid the COVID-19 outbreak, doing jobs remotely can be a major adjustment. For hackers, it can be an opportunity.
We’ve seen a sharp increase in coronavirus related email scams from cybercriminals pretending to be the ‘World Health Organisation’ and text messages appearing from sender ‘GOV’ inviting recipients to click through to a website to view information about COVID-19 testing in their area.
With COVID-19’s spread, there have been numerous recommendations from health authorities and experts that one of the best, first-level measures to help spread infection is to wash hands with soap and water thoroughly for 20 seconds.
Many organisations are asking “How can we improve our Cyber Hygiene” and while that answer often depends on individual circumstances (recommendations for consumers, SMBs and large enterprises may differ), here are six quick wins that everyone can be doing right now to make sure we are all “washing our hands.”
Stay on Top of Patching & Regular Software Updates
Both individuals and organisations should stay abreast of the latest patches and updates from software vendors. Patches often resolve weaknesses and security vulnerabilities within products. Patching lessens the risk that a hacker can take advantage of a previously existing weakness. For organisations, IT Ops teams need to be able to patch and configure devices remotely. Security solutions should allow you to identify vulnerabilities, install patches and validate configuration remotely via the cloud, giving your team the confidence that every endpoint is up to date on the latest policies and secure.
Use multi-factor authentication (MFA)
Multi-factor authentication adds an additional step to the process of accessing critical data. The first step being a username and password, and the second step being additional verification (like a pin or a push). MFA is becoming increasingly popular for many services we access daily. Enabling multi-factor authentication ensures that the user logging in as an employee is truly who they say they are. MFA also lessens the risk of poor password hygiene. Still, as a rule of thumb, passwords should be truly random, 16-character phrases contain upper- and lower-case letters, numbers, and symbols.
Leverage a VPN
With so many employees working remotely now, using a virtual private network (VPN) can help better secure internet connection and keep private information private via encryption. Public Wi-Fi can be a gamble as it only takes one malicious actor to cause damage.
As with any situation where infection is a possibility, a healthy amount of scepticism is always warranted. Be wary of emails coming from unknown sources, particularly if the requester is asking you to click on a link or an attachment. When in doubt, pick up the phone and call someone to ask if their request is valid.
Take a look at your endpoints
As a security practitioner, it shouldn’t matter if devices are on or off the corporate network — you should be able to see what’s happening on them and spot abnormal behaviour. Ensure your endpoint security solution gives you this type of granular visibility, on and offline.
Educate your workforce
Make sure your employees know how to see and stop common attacks, like phishing. Due to the current climate, you may need to send out additional training or refreshers to help your workforce recognise potential threats.
Update passwords frequently
Your employees should be changing their passwords every few months. This becomes more important than ever when they are off the corporate network. Additionally, update your router password and use a full sentence for maximum security.
Rob Dooley is country manager A/NZ VMWare Carbon Black
AI to drive ‘super cluster’ change among leading companies
New York-based analyst Viktor Shvets says many of the leading companies of the future, including those which will use artificial general intelligence (AGI), might not even exist today.
DeepSeek won’t crush AirTrunk’s $100bn dream: Blackstone
Blackstone says its multibillion-dollar bet on data centres – including its $24bn investment in AirTrunk – still stacks up despite China’s low-cost model DeepSeek rattling global markets.