Working from home, social distancing and self-isolation are some of the new buzz phrases that have arisen with the advent of the Coronavirus disease pandemic.
One of the earliest steps that many organisations took was to ensure that most personnel who are regarded are non-essential work away from the office environment.
This of course means that each person would of necessity use their own devices, either laptops, desktop computers or phones and tablets to communicate with their colleagues, serve clients and submit reports.
The organisations have had to reengineer their respective networks to allow either all or some of the staff members to connect remotely and access their organisational networks in order to execute their assignments effectively.
For some organisations, such as financial services firms, some of their systems may be structured in such a way that remote access is disallowed.
But there are others, including public institutions, that have to make their services available to staff working from home.
It is a tough time for system administrators, network engineers and information security officers as they carry the burden of sustaining business continuity.
This period of working from home and self-isolating however also serves to remind the senior management executives about the security of their networks and therefore of their information. This is because, it is also a time to expect heightened activity by cyber criminals as they know that many organisations have opened up their networks and many individuals do not necessarily exercise stringent access to their devices and therefore the networks to which they connect.
There is a higher degree of use of social media platforms and therefore a stronger tendency for people to share links to websites. What they do not realise is that some of these are malicious links and it takes only one person in an organisation to click the link that will infect everyone else. We must think thrice before opening that link.
The attacks may come in form of what we refer in technical jargon as phishing, a phenomenon where the marauding users send a seemingly innocent email, possibly linked to a news source. Once the recipient clicks the email, it introduces a virus into the email network, which then proceeds to ‘collect’ usernames and passwords. These are transmitted back to the attacker to be used later for entry into the network to effect more damage.
Most people find the prospect of changing their passwords and using complicated ones tedious. But in order to keep our networks safe from intruders, more than any other time, this is a period that requires regular change of your passwords. And we must make them as complex as possible.
The Internet is nowadays used to study people and cyber attackers know that it is easy to find passwords. This applies to everyone single device that someone is using. In this era of wifi in the home, any of the devices that use the network in the house is at risk.
Fake news is spreading widely at this time and it is important for us all to verify and rethink the sources before clicking share and therefore putting our colleagues at risk. Across East Arica, Uganda for instance, was last week observed to be the highest source of Covid 19 information search on Google. And since cyber criminals know that there will be a higher need for information, they have even gone ahead to create fake Covid-19 apps on the Google Play store.
Clearly securing these remote working devices is a huge responsibility. Fortunately, solutions, known technically as firewalls exist that can easily be rolled out across the network. The team has to ensure all Antimalware software is updated and running and continuously track machines showing infections.
Some of the third party software that we use for communication however pose a totally unforeseen risk, as we have witnessed with the Zoom videoconferencing service. In addition to hacking the service to access information about individuals, the cyber attackers also released a malware onto the networks. It therefore raises the need for serious cyber security testing for these applications before using them.
On the financial front, we needed to have some measures like increasing mobile money daily limits and transaction amounts increased. But as a professional, I am certain that these steps must have whet the cybercriminals’ appetite. It raised the transaction risk and so calls for even stronger vigilance, especially across our mobile devices.