The ASEAN region has been living with the novel coronavirus that causes COVID-19 for several months now, and different countries are at different stages of crisis. For some, it continues to be a terrifying public health threat causing lockdowns, quarantines, and mandatory social distancing. For others, it’s an inconvenience that seems to have been mostly conquered – except for the knock-on effects to their national economies, which are set to linger for much longer.
A lot has been said about how the virus has changed work culture, potentially permanently. People who shifted to working remotely out of necessity may desire to continue to do so, and many companies are allowing it, having seen that daily commutes to the office are not always necessary if employees are responsible with their time.
But while working from home—or at a beachside cafe, when those reopen—has its advantages, it also introduces certain risks. One of those is that operating outside the office network opens companies up to a variety of online vulnerabilities that they may not be used to dealing with.
Tarun Sawney, senior director of BSA | The Software Alliance, advocates for some of the world’s most innovative software companies, including those involved in cyber security. He offers some insights and tips on how to keep businesses and employees safe from the rising threat of cybersecurity that has seen a spike during the pandemic while many work from home.
1. Require employees to use a VPN or secure communications software
Employees who work from home tend to receive more emails and other messages than they used to, and they often communicate with their work teams via unencrypted consumer applications— all using home wi-fi connections that are hopefully secured —but may not be.
Naturally, this state of affairs is not lost on those who would seek to make a profit or cause harm using criminal cyber attacks on individuals and businesses. Some of these are organized, professional groups of cyber criminals, while others are simply opportunists attempting to make up for lost income with ill-gotten gains. Regardless, they are ramping up their efforts, from malware to phishing to taking advantage of unsecured networks. Some of these are directly related to the virus: emails purporting to be from authorities offering virus information are loaded with malware attachments, and malicious apps claim to show infection maps but instead lock down phones. And in just March and April, over 86,000 malicious web domains were created using COVID-19-related keywords to lure those seeking information on the virus.
Sawney advised using a VPN and/or secure business-caliber communications software with end-to-end encryption enabled by default for all work-related communications.
2. Ensure your team is using only secure licensed software
2019 saw businesses become the majority of cyber attack victims for the first time, a trend that is likely to increase as many opt to hide their victimhood— and quietly pay off criminals— rather than allow it to impact their reputations. And make no mistake: the damage can be massive. IBM estimates the average cost of a data breach at USD 2.3-million in Southeast Asia.The damage to company reputations— particularly if customer data is compromised—can be far greater, perhaps enough to derail hopes for recovery when it is most needed.
“To prevent attacks from happening to them, companies need to adapt quickly and set up sustainable and long-term solutions to build their cyber defenses. And it is the executives, not the IT department, who should be leading the charge,” Sawney explained.
He adds that all work devices, whether owned by the company or the individual, must have legitimate, professional-grade security apps installed, with automatic protection and updates enabled. This includes smartphones, as attackers are increasingly targeting mobile operating systems.
Companies should conduct a thorough audit of each company device to ensure they are using only legal, licensed software to address security vulnerabilities.
3. Clearly instruct employees on secure digital practices
Sawney said that secure digital practices should be taught and practiced by every employee from handling unsolicited emails to storing of confidential information. Letting employees know about the potential consequences that cybercrime poses can also help them to understand the importance of such practices.
If there is one thing that the COVID-19 crisis has proven, it’s that awareness, collective action, and proactive risk prevention are the most effective methods of self-protection. More information about the current reality of cyber threats in Southeast Asia and how businesses can respond to them can be found in BSA’s free ebook COVID-19 and Cyber Threats in Southeast Asia.
Download for free from this link: https://cyberfraudprevention-bsa.com/.