Ensure your VPN is strong: Cyber attacks growing as more persons work from home
28 March, 2020
There has been a rise in the quantity of cyber attacks on pc networks and routers since professionals were asked to work from home in the wake of the COVID-19 outbreak in the united states, the national cyber security agency said on Friday.
"Cyber criminals are exploiting the COVID-19 outbreak as an possibility to send phishing emails claiming to have important updates or encouraging donations, impersonating trustworthy organisations," the CERT-In said in its latest advisory to internet surfers.
The Computer Emergency Response Team of India (CERT-In) said the phenomenon has been witnessed as much organisations have asked their staff to work from home to greatly help stop the spread of the coronavirus which has claimed a large number of live worldwide and infected millions.
"There is an increase in the amount of cyberattacks on computers, routers and unprotected home networks employed by employees who have switched to remote working because of the spread of COVID-19," it said.
With most employees working from home, the agency said, enterprise VPN servers have finally become paramount to a company's backbone, and their security and availability should be the focus for IT (information technology) teams.
"It's important that the VPN service is patched and up-to-date because you will see a lot more scrutiny against these services," it added.
The CERT-In also suggested some countermeasures and best security practices in this context: Change default passwords of your home Wi-Fi router to avoid hackers from accessing your network; use strong and unique passwords on every account and device and use two-factor authentication (2FA).
Some other countermeasures include: Not allowing sharing of work computers and other devices. When employees bring work devices home, those devices shouldn't be shared with or employed by anyone else in the house, it said.
"This reduces the risk of unauthorised or inadvertent access to protected company information," the advisory stated.
It asked users to update VPNs, network infrastructure devices, and devices being used to remotely access work environments with the most recent software patches and security configurations.
"Only use software your company would typically use to talk about files and avoid using your personal email or 3rd party services unless reliably informed otherwise," it added.
It is strongly recommended that even remote user activity is included in the organisation's perimeter security tools, the advisory said.
"Make sure that remote sessions automatically periods after a specified amount of inactivity and that they require re-authentication to get access," the CERT-In said.
In addition, it urged IT teams of the organisations to remind employees of the types of information that they have to safeguard.
"This often includes information such as confidential business information, trade secrets, protected intellectual property and other private information," the advisory said.
"Also, 'remember password' functions should be switched off when employees are logging into company information systems and applications from their personal devices," it said.
A specific suggestion for this teams was to "consider Mobile Device Management (MDM) and Mobile Application Management (MAM)."
"These tools makes it possible for organisations to remotely implement a number of security measures, including data encryption, malware scans, and wiping data on stolen devices," it said.
The CERT-In may be the country's nodal agency to combat cyberattacks like hacking and phishing and can be mandated to fortify the security of the country's internet domain.
Source: www.deccanchronicle.com
TAG(s):