Cybercrime, like other forms of antisocial acts, feeds on the vulnerability, recklessness and neglect of the victim.
Lately, computer hacking and cyber-malveillance acts have literally exploded. The health situation of the world favours the deployment of malware, which targets all those who today confined, often use the Internet in a careless way. And the same is true in business. But we can protect ourselves from these computer contaminations. Just ask yourself the right questions and find the answers.
1- Access to the system
For companies whose employees now work remotely, it is important to consider whether the process of remote access to the company's IT system should be simplified or not. This question is legitimate because several companies have decided to simplify access to the computer system from the outside to facilitate remote collaboration with their employees. However, this risk has proven to be dangerous. Several companies have paid the price.
Question on the implementation of methods to protect the identification of users when accessing the system by certain known methods such as multi-factor authentication.As we all know, the main security flaw in this area is of course on the human. It is not uncommon for many people to use the same passwords for different services. It is enough that the password is cracked once to compromise all other services. And this is the case for the company. to ensure that an employee is not in this situation, wherever the employee has had his password stolen by another means, it is normal to set up a multi-factor authentication system that allows you to start with the password and confirm it by another method. it may be a randomly generated code sent by email or text, it may be an authentication key such as Google's Titan key. In other situations, biometric authentication measurement.
Have the security patches been applied? There is no unsealed security information system, at least not at this time. That's why some specialists, suppliers, make available to their users and customers, fixes that can close security vulnerabilities. And this exercise continues as long as the system is still in operation. As a result, IT systems managers need to make sure there is one thing. That they made the last security fixes. Because, if you discover a security flaw, know that a hacker may be able to find out too. With telecommuting, IT teams need to find a way to extend updates to employees regardless of their location. Neglect at this level could be very damaging.
4) Technical support
Another important point especially in this period of confinement and telework. It is whether the IT management or anyone in charge of the IT system has anticipated an increase in requests to the IT team. Indeed, employees who work from home will inevitably face problems of an IT nature. It could be a hack, a bug or a mishandling making it difficult for some essential actions. To do this, these teams must prepare themselves by implementing a real-time tracking method to avoid too much pressure build-up.
It will be a question of questioning the scope of awareness of the various cyber risks. Have computer threat awareness been effective and well-implemented? Do employees know enough not to be surprised by these kinds of incidents? Because of course they will be targeted. This period of confinement favours him. The idea is to ensure that traditional phishing techniques by sending SMS or emails to lure you to a corrupted platform can no longer be effective on them. Millions of fake electronic correspondences are circulating in relation to the pandemic that is currently hitting the world. All it takes is one moment of inattention and you get caught. It is important to have enough information for your employees about the risks and the modus operandi. Because if this seems obvious to specialists, it is not for the user of the web lambda.
Finally, do your employees have a tool to report any computer incident?
As has been pointed out, remote work exposes a great deal of enterprise. Because an infected employee is an effective vector to challenge the overall security of the computer system. For this reason, the latter must have a means to inform information system security officials when they are found to have been targeted by a cyber attack or involved in an incident. And this even if the cyberattack failed. In this context, security officials then take their steps to ensure that contamination is not initiated from this employee.
Now access an unlimited number of passwords: