Working from home? Attackers too.

“A security mindset is more important now than ever. In this pandemic attackers actively abuse the fear and panic in the society”, says Monica Verma, Chief Information Security Officer, at TietoEVRY.

The outbreak of the Coronavirus has been declared a pandemic. One of the key measures, as advised by national authorities, is to create physical distance between people to minimize risk of spreading the infection. 

With the exponential increase of coronavirus infection over the last months and more people working from their homes, cyber attackers have already started to abuse fear and panic to spread malware and defraud victims: 

The Brno University Hospital in the Czech Republic, which was also one of the COVID-19 testing facilities, was hit by a major cyberattack in March.

The consequence was that individual systems started to fail, leading to an immediate computer shutdown in the midst of the coronavirus outbreak.

TietoEVRY’s integrated annual report 2019 published

Monica Verma, Chief Information Security Officer, TietoEVRY Financial services, provides some guidelines to ensure continued security whilst working from home.  

“We are living in surreal times. A security mindset is more important now than ever. It is vital to create a comfortable work environment and secure digital interaction. Do not underestimate the psychology of security or lack thereof.”  

Monica Verma, CISO, TietoEVRY 

SECURING HOME OFFICE AMIDST CORONAVIRUS PANDEMIC 

How can you protect yourself and your organization digitally whilst working from home. Here are some basic but highly effective measures you can take.  

• Security mindset is more important now than ever. First of all – remember you are at work! Make sure you have a comfortable zone where you can work undisturbed.
• Be more vigilant and wary of ongoing scams, phishing campaigns and clicking on suspicious links that are related to Coronavirus. Attackers are using fake Coronavirus domains to lure and scam people seeking information about the virus, and to target people with the goal of spreading malware, stealing digital identities, etc. 
• Threat picture – evaluate your home office location and any inherent risk.Evaluate your surroundings and implement necessary precautions. Be aware of who is present nearby and might be listening or observing.  
• Protect your access rights, your computer, your working area and yourselves.Remember to log out when you leave your computer and be aware of storing the equipment in a safe and secure location. 

“In the midst of one of the worst pandemics our generation has experienced, we are seeing an increase in phishing campaigns and fraud, as attackers actively abuse the fear and panic in the society.”  

Monica Verma, CISO, TietoEVRY 

• Make sure both your router firmware and your anti-virus solution on your devices are up to date. Employees working from home should use a company-approved device. Always ensure your devices are up to date.
  
• Ensure that you follow best practices with regards to encrypting sensitive data at rest and in transit. Use HTTPS or end-to-end encryption whenever available or necessary. In case of sensitive or critical business applications, ensure you connect via a VPN. Amidst global challenges with VPN connectivity due to the pandemic and extensive home office, it is critical that you understand the difference between and use of end-to-encryption, thereby reducing dependency on VPN. 
  
• Employees connecting through their home Wi-Fi must ensure that they have a strong password, and to avoid using public or unsecured networks, such as at cafes. Amidst this pandemic, you shouldn’t be working from cafes anyway, to support flattening the curve of COVID-19 infections. Ensure your Wi-Fi is set to use WPA2 encryption only.

• Use two-factor authentication, preferably with authenticator app or hardware token. This is one of the most important practices to secure your accounts. If not possible to apply always, ensure to use it whenever and wherever possible, particularly with all sensitive and critical applications.

• In case of suspicious email, please report to your security department or your company’s anti-phishing email address right away. 

Remember – at this point you are the “Human Firewall”. 

Three-year sustainability plan delivered with good result.

Continued security is essential for business continuity, particularly towards critical societal infrastructures and services such as healthcare, finance, energy, etc. It is vital that all security leaders ensure similar security maturity as before. In some focus areas, a higher security level is necessary during this pandemic, such as vulnerability scans, patching, detect and response, and security incident management.  

To ensure safety of all employees, TietoEVRY, as many other organizations worldwide, have instructed employees to work from home.  

Safety of our people and security of our customer deliveries are TietoEVRY’s top priorities. However, when more than 90% of the task force is working from home, how does one ensure security of customer deliveries, particularly when they are extremely critical and vital to our society.

Amidst an international crisis, it is more important now than ever for us to help each other stay safe and secure!