As a result of the coronavirus, many companies have taken preventive remote working for their employees as a protective measure. Which, in many cases, is a hasty and impromptu move that has forced employees to make use of their own computers and technology to access corporate resources.
Thus, as the number of employees working from home increases, the complications of providing secure access to systems, applications and data from outside the corporate network also increase, exposing them to possible cyber attacks. As many say, "improvised remote work, guaranteed ransomware".
In this sense and under the name of "COVID-19", several emails, apps and even web pages are going around which, instead of informing us about the disease, are being used to misinform and steal our data for commercial purposes or to fill the pockets of cyber criminals. An example of this has been a website called “coronavirusstop”, closed a week ago now, which, with the pretext of making us aware of the symptoms of COVID-19, asked us for personal information posing as the Ministry of Health and the Government.
Other cases of phishing which use the topic of COVID-19 are web pages which use the domain ".org" to try to give similarity and appearance of a non-governmental organization and thus obtain information such as our IP connection, our date of birth or the place where we are or where we have recently traveled to.
Thus, when we visit pages related to the coronavirus, it must be verified that there is an official organization behind it.
How to intercept malicious web pages or emails
- We must look at the sender / source: Verify that they are official bodies and not companies impersonating their identity. Examples: United States Center for Disease Control (CDC), World Health Organization (WHO), or country-specific health agencies.
- Emails that contain some type of phishing include attachments: New information is in the attached file. Examples: "Confidential, solution to the cure of Coronavirus", "Security measures against Coronavirus", or "COVID-19 - Present in the air, increased cases of contagion in communities".
- Verify that any domain that hosts "COVID-19" belongs to a real health organization.
How to implement remote work with cybersecurity
There is no manual of measures to implement teleworking with total cybersecurity, but there are some good practices that we can apply:
- It is essential to have a VPN for the company's internal network that allows secure and remote access to employees. Likewise, having a virtual desktop also ensures access to corporate resources anywhere in the world and from any device.
- There is a very important part of education, information and awareness among employees regarding current threats and dangers, for example opening an email with attachments or accessing web domains from unreliable sources.
- In this process, it is key to verify the apparent sender through alternative communication methods, through secure channels. It must be verified that the emails come from official sources.
- So, you must avoid clicking on attachments in email messages or on links that contain information related to "COVID-19".
Being alert and aware of this type of practice will help us to be more prepared and to avoid being the next victim of a virus, COVID-19, which is as physical as it is digital...
Seidor is a technology multinational that offers a wide range of solutions and consulting services, implementation, development and maintenance of applications and infrastructure and outsourcing services. With a turnover of 464 million euro in 2019 and a staff of over 4,800 highly qualified professionals, the company has direct presence in 38 countries on 5 continents: Europe, Latin America, the United States, Asia and Africa.
stronger than one