With remote working as the order of the day, the threat of an online attack on your business is all too real.
There are a number of measures companies and their employees can implement to minimise the risk of sensitive company information getting into the hands of malicious actors.
Logicalis is a leading provider of digital services, with specialised offerings that include cloud, data centre, networking and cybersecurity solutions.
Logicalis South Africa’s Chief Information Security Officer Caesar Tonkin recently provided advice to companies and employees regarding safe remote working practices.
Tonkin said attackers are looking at ways to monetise the coronavirus in their cyberattacks.
One example is phishing attacks that are carried out with links or attachments that claim to direct users to the latest coronavirus statistics or advice.
Anyone who clicks on the link opens themselves and their company up to the harvesting of personal information which can be used to determine company passwords.
When attackers gain access to company systems, it can have a massive impact on its financial and reputational standing.
Tonkin reiterated that essential services in particular should be extremely wary of attackers that could disrupt production processes.
“A pharmaceutical manufacturer cannot afford to have downtime in its production of medication that has got to get to hospitals and pharmacies because someone clicked on a link,” Tonkin said.
It is also important to note that failure to comply to industry regulations that require certain security protocols could result in fines, causing further financial damage.
Understanding security controls
It is important to provide a technical perspective to team members of which security measures are in place to protect systems and sensitive information.
“People will be under attack, because they are working from home, in terms of phishing mails, ransomware and any attempt by attackers to gain access through the individual working from home,” Tonkin warned.
“If team members see what those security controls look like when they are working from home, they are aware of the types of threats that exist and what attacks could happen,” he noted.
This will also put their minds at ease as they will know that the company has implemented robust and sufficient security controls.
One of the fundamental security controls that companies should implement is ensuring each staff member uses a company-issued machine for working purposes, Tonkin said.
This computer may not be used by family members or friends that are sharing the house of the employee during lockdown.
The machine should have all the necessary company-approved security policies in place, including:
- Full disk-encryption
- Secure Virtual Private Network (VPN)
- Automatic regular updates and backups as per company policy
Protecting sensitive communication and information
Communication and data must be carried out via secure channels, Tonkin emphasised.
“The company has a responsibility to make sure that staff are aware that they must only share sensitive company information in an approved repository,” Tonkin said.
Appropriate platforms for communication and data-sharing are determined by the company and could include SharePoint, OneDrive, e-mail, Teams chat or a company-approved cloud service.
“They must not be sharing sensitive information on WhatsApp or SMSes and they must not be allowed to use personal email such as Gmail for company purposes,” Tonkin stated.
He added that the employee often has a contract that compels them to comply with the company’s security policies.
Monitor VPN activity
Tonkin said Logicalis SA was encouraging customers to monitor more carefully what types of attacks are being carried out on their VPN service.
“Often suspicious activities on the VPN access is not really carefully looked into in business-as-usual times,” Tonkin said.
Monitoring of Distributed Denial of Service (DDoS) attacks and suspicious failed logins are things that most companies should look at.
In business-unusual times, the effects could be even worse.
“If your VPN service is down that means you cannot service your customers and from a production-operations point of view, staff can’t remotely do what they need to in order to do their jobs,” Tonkin stated.
How Logicalis can help
Logicalis South Africa offers fully-fledged security solutions to provide comprehensive end-to-end protection for companies’ digital systems.
This includes the following services:
- Security Consulting Projects – Cyber Security Maturity Assessment, Vulnerability and Controls Compliance, Penetration Testing and more.
- Managed Security Services – Managed Firewall, Email, and Endpoint Protection, as well as Endpoint Detection Response, Privileged Account Management and more.
- Cyber Defence Services – Next Generation Security Operations Centre, Vulnerability Management Service, Threat Detection and Response Management, and more.
Contact Logicalis SA today to give your remote workers the best possible protection from cyber-attacks.
This article was published in partnership with Logicalis.