• Employers should have a way of verifying their workmates and remember to restrict critical operations like payments and operations to a few people in the company
• When the attackers have access to your private network they can steal your personal information or misdirect traffic
With the Coronavirus forcing companies to let their employees work from home in order to meet their targets, it is a prime time for cyber attackers to target businesses.
The attacks can be in the form of malicious software in the employees’ personal computers or through phishing emails to intercept sensitive communication.
There are various ways in which employees working from home can be safe from cyber-attacks. One is to change the default Wi-Fi password, which is easily predictable.
When attackers have access to your private network, they can steal your personal information or misdirect traffic through a network attack called Man-in-the-Middle (MitM). You should, therefore, choose a password that is easy to remember and hard for an attacker to guess.
You should do regular backups. This is done by ensuring that you make a copy of any critical projects that you are working on. In case of any hardware failure, device loss or ransomware attack, you can be confident that your critical data is safe. If you are using backup services like Google Drive, OneDrive or Dropbox, make sure you have file synchronisation off.
Make sure you update your software and operating system so as to avoid leaving an open door for attackers on your personal computer. You should not install any pirated software or operating system on your computer, since they are usually bundled with malware. If you cannot afford the software or operating system, look for an open-source alternative.
Use a password manager. To avoid reusing a password, you can utilise a password manager, which will generate and maintain all the passwords you require. The only thing you will need to do is remember a single master password to access the password wallet or vault.
You can enforce 2FA on your accounts. 2FA stands for two-factor authentication.
It is a security measure ensuring that authentication to your personal accounts, like email and online banking, relies not on passwords only but also on another layer of authentication that tries to prove the owner is accessing the account.
The most commonly used online services have the option of adding your phone number or email address for a one-time password.
Watch out for phishing attacks. A phishing attack involves an attacker who tries to trick a victim into doing things that will help in achieving a cyberattack. The attack is usually in the form of emails, SMS or phone calls that seem to be from a reputable source.
To be safe from these attacks, do not click links in what seems to be a malicious email or provide information to random people. During this period of Covid-19, the employer should define the Standard Operating Procedures.
The employers should have a way of verifying their workmates and remember to restrict critical operations like payments and operations to a few people in the company.
Charles Okwembah writes for the Star and John Ombagi is the Security Operations (SOC) Technical Lead at iLabAfrica, Strathmore University