Why Cyber Hygiene is More Important Than Ever

With an increasing number of employees working from home, practicing cyber hygiene has become as important as practicing physical hygiene. Staying safe during the pandemic is essential, as is keeping safe the company’s networks and all enterprise assets.

What is Cyber Hygiene and Why Does It Matter?

Organizations practicing effective cyber hygiene typically engage in a set of regular routines that often include:

  • Keeping an accurate inventory of software and hardware on the corporate network
  • Upgrading older systems and infrastructure on a regular and as-needed basis
  • Regularly backing up valuable data
  • Limiting privileges to a select number of users
  • Establishing a process that end users must employ to install new hardware
  • Patching all applications regularly
  • Identifying and disabling vulnerable applications
  • Educating users on the value of proper security procedures — including the creation of strong passwords

Cyber hygiene is about doing the right things every day to guard against wear and tear, technological obsolescence, and security threats. By addressing vulnerabilities before they become problems, all IT resources are kept in secure running conditions.

Why Cyber Hygiene is Essential During the COVID-19 Crisis

Remote Access Risks

The use of personal devices to access the corporate network brings an increased security risk. These personal devices are typically less secure than work-issued devices, and thus bring the threat of compromised credentials, malware, and more. For this reason, remote workers need to practice cyber hygiene on all devices they use to access the company’s server. This includes but is not limited to employing stronger passwords and anti-malware protection.

Additionally, most remote workers access their corporate resources via home wireless networks. Home networks are often configured with minimal or no wireless security, making it possible for hackers to break into them. Cybercriminals can use this route to piggyback into the corporate network and access otherwise protected assets. Because of this, many companies are requiring users to access their networks via secure VPNs.

Social Engineering Risks

Any national or global emergency creates fertile ground for opportunistic fraudsters. People are eager for new information about the crisis and are apt to click on more coronavirus-related links than they might normally. It is difficult, even in the best of times, to tell the difference between legitimate links and fraudulent ones. In the current crisis, it’s easy for anyone to click on a link that promises some new development.

Experts have noticed a surge in cybercriminal activity due to bad actors exploiting the public’s rising fear and uncertainty. Besides the increase in phishing schemes spread via email, social media, and instant messaging, there has been an increase of “clickbait”-type stories and advertisements designed to infect devices with spyware and other malware when users go to the linked sites.

One sign of this is the recent surge in the registration of coronavirus-related domains. There have been more than 4,000 registrations for domains related to the coronavirus since the beginning of the crisis. Moreover, analysts believe these domains will be more prone to malicious activities (by up to 50%) than others registered within the same period.

Malware is also being spread via attachments to emails with subject lines like “coronavirus cure.” Curious recipients click on the attached file and install the malware on their systems. Remote workers should be encouraged not to click on unexpected attachments and report suspicious emails to IT staff.

Video Conferencing Risks

With these video conferencing options, it is possible for unauthorized users to surreptitiously join the conference and overhear confidential information. It’s also possible for malicious users to access employees’ desktops or infect them with malware files.

Wickr Pro: The Secure Communications Platform

Originally published at https://wickr.com on July 30, 2020.

Secure Ephemeral Communications. Built for the enterprise. End-to-end encrypted messaging. Secure rooms. Peer-to-peer encrypted file sharing. Multi-platform.