Ensure that the antivirus on your computer is updated, use strong
passwords and multi-factor authentication where applicable. FILE PHOTO |
NMG
Summary
- Netflix and other popular video services have become the new form of entertainment as working from home becomes the norm.
- So when a colleague or friend forwards you a message that offers you a free account or three months free viewing, the primary response is to sign up immediately, after all it is three months of free viewing.
- The reality of the matter is that it is a scam and most people will go ahead and input personal details and credit or debit card details as requested by the links.
Netflix and other popular video services have become the new form of entertainment as working from home becomes the norm.
So
when a colleague or friend forwards you a message that offers you a
free account or three months free viewing, the primary response is to
sign up immediately, after all it is three months of free viewing.
The
reality of the matter is that it is a scam and most people will go
ahead and input personal details and credit or debit card details as
requested by the links.
There are also those emails and
alerts providing more information on Covid-19 and promising vaccine or a
care kit at a small fee.
“The biggest risk is the
phishing wave that is going around. Attackers are finding innovative
ways to leverage the anxiety and panic around Covid-19 to send out
phishing emails to unsuspecting individuals.” Says Jeff Kirumba, a
technology consultant.
“They can usually pose as alerts on the pandemic and are often
indistinguishable from legitimate alerts that may be sent out from your
company or other legitimate sources such as WHO.”
His advice?
Ensure
that the antivirus on your computer is updated, use strong passwords
and multi-factor authentication where applicable; be very vigilant about
emails, text messages or calls that may ask you to take unusual actions
such as clicking links to access information, opening certain
attachments or providing personal information such as PINs and
passwords.
Ensure that you only open emails and
attachments from email addresses that you recognise, and if you’re not
sure whether the email sent to you is from a legitimate source, report
it directly to your IT team for verification; avoid downloading content
from unapproved sites such as torrent sites. These downloads often
contain trojans that may infect your computer and even your work network
and computing resources with viruses or ransomware and finally, ensure
you use collaboration tools (chat, work tracking and conferencing) that
are encrypted and have been tested and approved by your organisation.
Facebook,
Google and Indeed were among the very first companies to ask their
employees to begin working from home when Covid-19 became a global
threat. Just a few weeks in and with Covid-19 continuing to ravage the
globe, more and more companies have been forced to, as a matter of
urgency, think about the best ways to sustain their productivity even as
employees have to work from home.
Cyber-scam and hacking
The unprecedented traffic on the internet definitely raises the question of cyber security.
“Of
course, flood gates are open for cyber-scams and hacking attempts and
organisations have to be vigilant,” says Dr Ken, Okong’o, Data
Protection and ICT Policy Expert.
More
and more meetings now happen virtually through software such as Zoom,
Google Hangouts and Skype; and other forms or online communication and
file sharing have become the order of the day.
“The
change of work location to the home setting presents a ripe opportunity
for ‘social engineering’ attacks from family where they are likely to
access unauthorised information. They can also eavesdrop or intercept
your connection. Thus, organisations have to invest a lot more effort in
pivoting from office workstations to laptops at home,” notes Chrisgone
Adede, a Data Science Expert.
Without belabouring the
point, as a matter of urgency, organisations and individuals must adopt
best practices to maintain safety of data and employees even as working
remotely continues to be the obvious fallback option.
“In
our current context, organisations that support remote working face
increased risks due to the volume of external data traffic they have to
handle. The data increases the surface of attack for malicious actors,
who may either try to directly intercept information as it is being
transmitted over the internet or through breaching individual endpoint
machines,” Kirumba, a technology consultant says.
Change passwords
These
threats as Okong’o adds, could either be internal or external to the
organisation, with contributing factors including things such as
unsecured infrastructure like Wi-Fi networks and use of personal devices
to access corporate networks in the absence of policies governing
remote working.
Another important area of note is your
home router. How often do you change the password? An attack on the
router is an attack on all devices connected to it.
“Home
routers should have their passwords reviewed on a regular basis. Often,
many people do not even change the router password at all and this
makes the home network very vulnerable and so malicious parties can
always gain access to the devices connected on the router,” says Okong’o
Well,
are you in the league of people who do not know the extension or email
address to your organisation’s IT department? Rectify that omission as a
matter of urgency because you need to familiarize yourself with the
additional measures put in place to protect you while you work online.
Organisations
also need to take some critical steps by either updating or enforcing
IT policies to ensure their cyber security posture is not threatened.
“To
begin with, organisations that have not done so already need to
implement remote access virtual private networks (VPN). These dial-up
network have remote users with client software installed in their
machines and so together with network access server, this enforces
multi-factor authentication measures. Forced software update strategy is
also a plan. When software are updated, only authorized versions are
allowed into the corporate network,” explains Adede.
So
the next time you see your computer prompting you to update a software,
press “okay”, this is for your online safety. Adede also advices that,
when employees need to use additional devices such as smartphones to
supplement the office PC, it is important that organisations take some
time to create awareness on this front to ensure devices brought into
the networks to supplement work laptop come with some form of protection
such as robust antivirus software or customized firewalls so that there
are no spaces for invasion by malware.
“Though often
the automatic updates annoy, they really are imperative for the security
of organizational informational assets as they include patches for
security vulnerabilities uncovered since the very last iteration of the
software as released. In any case, these can be set to run
automatically, often while asleep so that you are unworried about
downtime,” says Okong’o.
In conclusion, therefore,
there are increasing risks in the cyberspace now that traffic is
bursting at the seams and if you do not take the necessary steps, it is a
matter of when and not if, the attacks come.
No comments :
Post a Comment