Monthly Archives: April 2020

Cyber Security

Remote workers need to improve security measures

 

Security firm Avast provides tips on how people can work safely from their homes during an epidemic.

Technological support and security measures are one of the ways organizations and their employees can protect their jobs when they start working remotely during the COVID-19 outbreak. While digital security firm Avast has also been working to help more companies protect their employees from coronavirus worldwide, they have made some suggestions on how people can work safely from their homes during the epidemic.

Remote workers need to improve security measures

Avast CISO shares some information about how employees can protect their devices from virtual viruses while protecting themselves from physical coronaviruses:

Corporate security measures

According to an Avast survey, an average of 49.75% of people worldwide said they did not receive the technological support or expertise they needed from their employers while working from home or in a public place. Avast CISO says that companies that are preparing to send the workforce home need to provide the support they need to work remotely, and take the following steps:

Make sure employees use pre-approved laptops and smartphones to access corporate material, including emails, tools and documents. Business-grade security solutions must be installed on these devices and checked, if any, by the company’s IT department.
Equip employees with a phone number list so they can reach IT teams or other responsible people when they have IT issues.
Inform employees about hardware, software and services that are not published by the company but can help you share your files with colleagues in special situations.

Set basic rules for those who work with personal hardware, such as printers, while working from home.
Provide employees with VPN connections that they can use to protect their communications.
Require two-factor authentication wherever possible to add an extra layer of protection to the accounts.
Instead of ensuring that employees have access to the entire company network, make sure they have limited access rights and can only connect to the services they need for their specific tasks.

Measures that employees can take

According to the Avast CISO, there are basic measures that remote workers can take to strengthen the security of their home networks, which will make working from home safer.

Employees must log in to their router’s administrative interface to change the device’s login credentials, and also change their Wi-Fi passwords with a unique and strong password of at least 16 characters.

According to the Avast survey, 37.1% of global participants do not know that they have a web management interface where they can log in to view and change their router’s settings.

Avast recommends that users check whether port forwarding and UPnP are enabled in their router settings and disable them if they are not used intentionally.

Networks are only as secure as their weakest connections, so it’s important to make sure all devices connected to the network are secure, as there may be potential gateways for cybercriminals to access other devices connected to the home network.

Another point is that employees should look for coronavirus-related phishing emails, including spear phishing emails. These emails may appear to come from the company and may include attachments, links, or a request. It is important that users verify the sender’s e-mail address before communicating any attachment, link or request, or contact the sender through a different channel to confirm that the message was sent from them.

How To

How to reduce the risks in your video conferences

The cyber criminals are always looking for new opportunities to steal data from the Internet, access corporate information and, ultimately, make money from it all. The current situation caused by Covid-19 has opened a range of possibilities and experts warn that there is a wave of cases of ‘phishing’, extortion, ‘ransomware’ and attempts to breaches and data breaches in the last few years. weeks.

Learn valuable techniques to mitigate the risks involved in conducting video conferences.

The increase in teleworking and the need to communicate with loved ones from a distance have caused an unprecedented upturn in the use of video conferencing applications and this poses a risk, both for companies and for private users. Although it is not the only objective of cybercriminals, the Zoom app has been the subject of some of the most outstanding incidents so far this year.

“There are several risks to be aware of. The first is that of several new vulnerabilities discovered on this platform: one of them could allow hackers to steal Windows passwords, and two others could allow attackers to remotely install malware on the affected Macs and spy on the meetings “, warns José Battat, CEO of Trend Micro Iberia.

Cybercriminals know that users are massively searching for ways to communicate during government-mandated confinements. By creating legitimate-looking links and websites from Zoom – which is one of the most used ‘apps’ – they could steal financial details, spread ‘ malware ‘ or collect ‘app’ ID numbers, allowing them to infiltrate in virtual meetings. A provider found that 2,000 new domains had been registered in March alone, more than two-thirds of the year total so far.

With just access to a meeting , ‘hackers’ could collect highly sensitive or market-critical corporate information, and even spread ‘malware‘ through a file transfer feature. These problems at the business level can also affect private users, either by stealing personal data or by accessing meetings (sometimes between minors) to post offensive comments or transmit inappropriate content, for example.

Tips from the experts

Trend Micro offers a series of security recommendations, based on simple questions, such as having the applications always updated to the latest version or “making sure that all teleworkers – in the case of companies – have a program ‘anti-malware’, including detection of installed ‘phishing’ from a trusted provider .