Cybercriminals are now taking advantage of employees working remotely to target businesses of all sizes, launching cyberattacks and phishing campaigns to exploit us at a potential time of weakness. Government agencies have issued warnings about cybercriminals targeting businesses that are turning on remote access to their systems to help with business continuity.
Remote employee access is a very powerful tool but, if not implemented correctly, may result in a cyber or ransomware attack against the business. As businesses rush to close their physical operations and move to a remote workforce, improperly configured remote access systems can give cybercriminals an easy way in. To learn more about cyber attack prevention best practices, schedule a cybersecurity consultation with a trusted cybersecurity company.
Best Practices for Secure Employee Remote Access to Prevent Cyber Threats
- Unless your IT resources clearly understand the risks associated with using Remote Desktop Protocol (RDP), do not allow them to install it. RDP is a highly exploitable technology that is a primary target of cybercriminals and their cyber threats.
- Use remote control software that allows you to “log in” to a computer at your office.
- Make sure the remote control software uses Multi-Factor Authentication (MFA), which makes it more difficult for a cybercriminal to hack into your system. MFA sends a text message to your cell phone, or a prompt to an app on your phone, to authenticate your login.
- Utilize strong passwords that incorporate multiple words, numbers and special characters for the authentication for the remote control software.
- If you are using a VPN, make sure your IT vendor has updated all the VPN software. As of just a few months ago, many VPNs had vulnerabilities that could allow a breach to occur.
- Make sure all remote computers are running the latest versions of Windows 10 or Mac to block any cyber threats.
- Make sure all remote computers have anti-virus software installed and the virus definitions are up-to-date.
- Use strong passwords on all remote and host computers that incorporate multiple words, numbers and special characters.
- For Wi-Fi enabled devices, use the strongest encryption protocol available. WPA3 is the newest. At a minimum, you should be using WPA2.
- Do not allow family members to access any device that is used to remotely access a work computer.
- Make sure you lock the computer before you walk away from it to prevent cyber threats. On a Windows computer, this can be done by pressing the “Windows” key and the letter “L” at the same time.
Double Check Your Data Backup
- Confirm that 100% of your data is in fact being backed up.
- Before you leave the office, make a backup of ALL your data. This includes attachments, financial systems, images, etc. This backup should be saved to an encrypted external hard drive that is stored offsite to prevent cyber threats.
- Confirm that all your cloud data backup is up-to-date and all your systems are being backed up.
Employee Phishing Attacks/Social Engineering
Cybercriminals are now using the current COVID-19 crisis as a way to attack systems. Be extremely careful when receiving any emails related to COVID-19. These phishing emails are designed to lure you into clicking on links or attachments that may seem relevant to the current situation. In addition, "heat maps" that show the infection rates may direct you to a fake website that will download malicious code onto your device.
Signs of a COVID-19 phishing email may include:
- A link to a “heat map” showing the infection areas/rates
- A link to a fake government or state agency designed to look real
- A link to a government or state agency with a legitimate name, but a fake hyperlink
- A warning to download a document related to COVID-19
- A link to a hospital or other healthcare institution
Please be extremely careful regarding these types of emails and always use the link hovering technique to verify the final destination. Place your mouse over the link or image, look at the bottom left corner of your screen and validate the URL (web address).
Cybersecurity Consultation
For more information on cyber threats, cyber attack prevention, and data breach security, schedule a cybersecurity consultation with Black Talon Security today!