Companies from around the globe have shifted to work-from-home schemes as countries face the coronavirus disease 2019 (COVID-19) threat.
And while the flexibility is convenient to some, this set-up might actually put an organization's cybersecurity at risk, Microsoft Digital Crimes Unit warns.
And so, Assistant General Counsel and Regional Lead of Microsoft Asia's Digital Crimes Unit Mary Jo Schrade shared some of the best practices in establishing remote work set-ups, and how companies can combat the most prevalent cyberattacks.
1. Beware of phishing
According to Microsoft's website, phishing is when someone attempts to steal sensitive information through emails, websites, text messages and other forms of electronic communication that often look like official communication from legitimate companies or individuals.
Those text scams allegedly from telecoms claiming you won a raffle is an example, as websites trying to look like online banking platforms.
Microsoft's Schrade said, "Since the COVID-19 pandemic began, hackers have ramped up phishing and ransomware attacks by fivefold, according to some estimates, in order to harvest sensitive information from users.”
According to Microsoft's statement, an estimate of 91% of cyberattacks begin with an email "which either leads to malicious links directly or which contains dangerous attachments."
2. Activate the multi-factor authentication
Working from home has rendered us slaves to every imaginable messaging app — from GChat to FB messenger to Viber, Whatsapp, Telegram, and Zoom — just to make sure we are able to communicate clearly within our teams and through departments.
Because of this, we open ourselves and our teams to increased risk. According to Schrade, the best thing users can do to improve security for employees who are working from home is to turn on multi-factor authentications (MFA).
According to Microsoft, MFA "increases your account security by requiring multiple forms of verification to prove your identity when signing into an application."
Companies can check out their website on how they can activate and apply it to other apps.
"Remember that this works best by also using block legacy authentication protocols that allow users to bypass MFA requirements," Schrade said.
3. Communicate with your team on how to distinguish official messages
Microsoft "recommends that every organization should establish a clear communications policy to help employees recognize official messages."
In this way, employees and the organization can avoid being a victim of phishing.
"Leaders should warn their employees to expect more phishing attempts, including targeted spear-phishing aimed at high profile credentials," Schrade said.
Meanwhile, Microsoft said employees should be vigilant for "urgent requests that violate company policy, use emotive language and have details that are slightly wrong."
Companies should also provide guidance to their employees on where they can report such suspicious messages should they receive one.
"Now is a good time to be diligent, so leaders should be clear on what official communications about business continuity and health and safety should look like and from where they should originate,” Schrade said. — Jannielyn Ann Bigtas/LA, GMA News