The coronavirus has taken the American workforce by storm. Some workers are entirely displaced, while others have the ability to work from home.
Considering the alternative, working from home can certainly be seen as a blessing, although it does create a bit of a target on your back.
Hackers are painfully aware there are more American employees working from home today than ever before.
This means company networks are open to remote connections, which leads to a hacker's paradise.
The only thing standing between them and a goldmine of corporate data is you -- that glorious work-from-home employee who likely has a remote connection open for cybercriminals to exploit.
This may sound far-fetched. “They won’t target me!” you say.
Hackers have already been targeting users by impersonating federal agencies and universities, offering up fake COVID-19 updates, all in the hope that users will click on the malicious link hiding behind what appears to be new guidance related to COVID-19.
In fact, this is exactly what happened when cybercriminals impersonated the World Health Organization by sending out fraudulent emails claiming to offer tips to prevent the infection of COVID-19.
One click of these links and the device you click from can be infected, as well as any other devices that it is connected to, such as a corporate server.
It is a scary thought, really.
Fortunately, there are five steps you can take as a remote employee to help minimize the threat of falling victim to these scams and keep yourself and your company’s network safe from cybercriminals.
First, and quite possibly most important, is ensuring all of your devices have a security solution installed. The FBI, DHS, NSA, and NIST all recommend the use of application whitelisting to prevent malware from corrupting networks.
Second, in addition to security software, it is critical employees only use remote access when absolutely necessary.
Once they have completed the necessary job duties in the remote session, they should disable it.
Leaving a remote session enabled when it is no longer in use is asking for a cyber intrusion.
Third, be cognizant of what you’re clicking on. Confirm that the sources are legitimate.
If it is an email, check the “From” and “Reply to” addresses. Oftentimes these will be giveaways that the message is indeed coming from scammers and not from a legitimate entity. For example, an email that claims to be from the CDC, but whose “From” address says firstname.lastname@example.org instead of email@example.com, is not legitimate.
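The “From” and “Reply to” check described above can also be automated by a mail administrator. The following Python sketch is an added example, not part of the original article; the `KNOWN_SENDERS` allow-list and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a hypothetical allow-list mapping an organization name, as it
# appears in a display name, to the domains that organization sends from.
KNOWN_SENDERS = {
    "cdc": {"cdc.gov"},
    "world health organization": {"who.int"},
}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def is_allowed(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_headers(raw_message):
    """Return a list of warnings about the From and Reply-To headers."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    # The display name is free text the sender controls; compare what it
    # claims against the domain the message actually names as its sender.
    for org, allowed in KNOWN_SENDERS.items():
        if org in display.lower() and not is_allowed(from_dom, allowed):
            findings.append(f"display name claims '{org}' but From domain is '{from_dom}'")
    # A Reply-To on another domain routes answers away from the apparent
    # sender. It is a reason to look closer, not proof of fraud.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain '{reply_dom}' differs from From domain '{from_dom}'")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "CDC Health Alerts" <alerts@cdc-gov.example>\n'
    "Reply-To: covid-update@mailbox.example\n"
    "Subject: New COVID-19 guidance\n\nClick the link for details.\n"
)
LEGIT = 'From: "CDC" <updates@cdc.gov>\nSubject: Weekly update\n\nBody.\n'

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, check_headers(raw) or "no findings")
```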
Fourth, some employers were able to provide employees with laptops to work from home. Others are using personal devices to maintain business continuity.
If you are using a personal computer, it would be wise to create another account on the computer and use that for work purposes. This minimizes the overlap of personal and professional data and could help minimize exposure if an attack were to execute.
Finally, if remote employees are using personal devices for work purposes, they must ensure the operating system and third-party applications are updated regularly.
Updates are released for these programs to patch known vulnerabilities. If you fail to update them, you’re failing to patch holes that hackers use to infect devices and corrupt files.
The reality is – we all have a part in this. While we navigate our new situations in uncertain times, these are steps you can take to prevent further interruption to your employer or yourself, and steps we can take to ensure both our economic and national security.
Rob Cheng is CEO and founder of PC Matic.