Working From Home & Cybersecurity. A Q&A With Marek Ostafil, Cyberus Labs Co-founder & COO
One area that is often overlooked with this change in working patterns due to the coronavirus, is the threat of dangerous, new cybersecurity threats.
These unprecedented times have resulted in a major shift in how people are working, with many organisations requiring employees to regularly work from home for the first time.
We spoke to our COO & co-founder, Marek Ostafil, to determine how businesses can stay cyber safe while their employees work remotely from home.
How are cybercriminals exploiting people working from home and playing on their anxieties?
People are receiving many requests to login into bank websites or other internet services to provide credentials that are “needed” by those entities because of the coronavirus problem and urgent need to contact users. Similar emails inside large organizations sent by the “supervisor” asking to login to some corporate service. In many cases, employees are quite new to remote working, which means procedures are being created on light and in many companies there are no or very little means to verify those requests. Not to mention that users are under a lot of stress so are less vigilant than normal and are not able to recognize which request may be legitimate and which not.
What else is now more at risk for businesses and individuals?
More than anything attacks are focusing on requesting credentials, asking users to login to websites (which of course are fake) created with the purpose to get users credentials and obtain unauthorized access to accounts and services.
Do you think employers should take a lead and ensure workers ought to boost their cybersecurity, or is the onus on individuals?
There is no “one” responsible side. Of course, employers should lead as they cannot expect employees to have initiative here. Employers should provide the relevant, secure tools but employees must also adhere to regulations and stay vigilant.
What products are likely to improve cybersecurity for home workers? What are the cheap quick wins?
Cheap and quick wins are in most (if not in all) cases neither cheap nor quick! If we do something we should do it right from the beginning. Today’s situation also shows that many years of neglecting cybersecurity takes its toll also under such circumstances. Use this opportunity to introduce good solutions: these that provide 2 factor authentication and…. are not using passwords.
What are the practical tips people working from home can take to improve their cybersecurity?
Stop using password-based solutions. If you must use them, do not save passwords in the browsers or on the computer. Use company equipment when working at home, before accepting the sent link, assume that it is a phishing attack, do not open unexpected attachments – it is always better to spend some extra moments to verify the sender than to cause financial or repetitional damage to the company.