As many companies adopt work-from-home policies in response to the COVID-19 pandemic, cybersecurity is a growing issue. 

In response, the World Economic Forum has released a guide on how businesses and employees can protect themselves against cyberattacks while working from home during COVID-19. 

How Businesses can Respond

In this critical time, business leaders have a heightened responsibility to set clear expectations about how their organizations are managing security risk in the new work environments, leveraging new policies and technologies and empowering their employees, says the World Economic Forum. Here are three recommendations for business leaders.

  1. Understand the threats to your organization. Business leaders should work with their security teams to identify likely attack vectors as a result of more employees working from home and prioritize the protection of their most sensitive information and business-critical applications.
  2. Provide clear guidance and encourage communication. They must ensure that home-working policies are clear and include easy-to-follow steps that empower employees to make their home-working environment secure. This should include instructing employees to communicate with internal security teams about any suspicious activities.
  3. Provide the right security capabilities. Leaders should ensure all corporately owned or managed devices are equipped with essential security capabilities, extending the same network security best practices that exist within the enterprise to all remote environments. These critical capabilities include:
  • An ability to securely connect users to their business-critical cloud and on-premise applications, such as video teleconferencing applications increasingly relevant for remote work environments
  • Endpoint protection on all laptops and mobile devices, including VPN tools with encryption
  • An ability to enforce multi-factor authentication (MFA)
  • An ability to block exploits, malware and command-and-control (C2) traffic using real-time, automated threat intelligence
  • An ability to filter malicious domain URLs and perform DNS sinkholing to thwart common phishing attacks. 
 

How Individuals can Respond

Individual users must be empowered to follow the guidance provided to them by organizations and take preventative measures, says the World Economic Forum. These include:

  • Maintain good password hygiene. Employees should use complex passwords and multifactor authentication where possible and change these passwords frequently.
  • Update systems and software. Individuals should install updates and patches in a timely manner, including on mobile devices and any other non-corporate devices they might use for work.
  • Secure your WiFi access point. People should change their default settings and passwords in order to reduce the potential impact on their work of an attack via other connected devices.
  • Use a virtual private network (VPN). VPNs can help create a trusted connection between employees and their organizations and ensure ongoing access to corporate tools. Corporate VPNs provide additional protection against phishing and malware attacks, the same way corporate firewalls do in the office.
  • Be wary of COVID-19 scams. We’ve seen phishing e-mails, malicious domains and fake apps out in the wild already. Threat actors love to exploit real-world tragedies, and COVID-19 is no different.
  • Don’t mix personal and work. Employees should use their work devices to do work and their personal devices for personal matters. If you wouldn’t install or use a service while you’re at the office, don’t do it while at home on your work device.