To reduce the risk of infection from the coronavirus, large parts of Norwegian workers work from home. This can pose a security threat to businesses. The authorities are now warning that we may see an increase in data attacks. And because of this, we had a chat with the security manager in Braathe Gruppen, Bård Eirik Lyche, on today's security picture.
Many managers do not take security seriously enough outside work. As soon as the employees work with the company's solutions outside the office, there are a number of security challenges that arise - often because the employees are not properly trained in security.
Make employees aware and give them access to the resources they need to get the job done safely and responsibly.
Home office offers great opportunities, but also brings great risks. When you take the work PC out of the office and continue to work towards the company's solutions, a number of security challenges arise. One of the first things to do is make sure that the equipment used is up to date. Especially when it comes to security updates, for both operating system and software. Another thing that can pose a big risk is if you let the kids download unknown games or apps on the PC. These may contain malicious software or provide criminal access to business solutions.
In some cases, you have not received your own equipment from the employer, and you may end up in an extra vulnerable situation. Then it is important to think about who has used the equipment before and which sites have been visited before. Without knowing it, the equipment may already be infected.
It turns out that more cyber attacks have been attempted now that many have created home offices. Attackers exploit the fear associated with COVID-19, claiming to be the government or public health institute. That is why it is important to be even more careful now, when you receive emails or SMS from unknown recipients.
It is more important than ever to protect knowledge in order to secure technological advancements and to keep the technical takeover. We are seeing more advanced and targeted networking operations for both private and public companies. Phishing is a widely used way in which the attacker sends an email or SMS asking for sensitive information. Often it looks like the sender is a credible company or, at worst, the director of the company.
I would recommend that managers inform employees about the ongoing situation and encourage them to notify if they receive unsafe messages.
Do you have a secure platform for your employees?
Something I find important these days is that the employees in Braathe Gruppen uses a secure platform to keep attackers out of our systems. In our private cloud - BRA Nettsky, we store data on a separate server. The data is only available through encrypted links.
Home office employees should have access to the resources they need to do their job safely and securely. We use Microsoft Office 365 cloud solutions to easily collaborate on secure files. Here, employees have the opportunity to save PowerPoint presentations or Word documents that they collaborate on, in SharePoint or OneDrive. When they work on these platforms, the work is automatically saved.
Proper use of the equipment
We see that it is very important that companies have clear routines for how the individual can connect to the company's resources from their home office. If multifactor authentication solutions have not already been established, it is about time. This makes it much more difficult for an attacker to get into the account. In addition, we recommend using a unique and strong password when logging on to the company's resources.
It is also important that parents who work from home are extra careful about locking the screen or logging out of corporate systems when they are not working. It doesn't take much until your kids have touched the PC and documents can be erased quickly.
I therefore recommend that you always lock the device, even if you just have to get a cup of coffee.
In conclusion, one of the most important tips will still be to think about one more time: Stop - Think - Check Before You Click. If there is an email from your boss asking you to transfer an amount to an account, double check using something other than email. Send an SMS, a message on Teams or call. It is also important to create a positive reporting culture in the company. Even if you did not transfer the money, your colleague may receive the same mail the next day. Notify, so the situation does not get worse.