Technology plays a significant role in the new work setup with meetings conducted through video conferences while the world copes with the effects of COVID-19. Recent news of security risks in some video call platforms alarm organizations especially because what’s being discussed in these conferences are critical organizational matters.
Cybercriminals once again find vulnerabilities in this new setup.
Kaspersky researchers have already seen examples of coronavirus or COVID-19-related malware trying to piggyback on the virus, hiding malicious files in documents purporting to relate to the disease. But opportunities for online security to be compromised doesn’t end there.
“With a lot of countries in Southeast Asia under different forms of lockdowns, companies are now finding ways of using technology to keep their businesses’ continuity,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky. “From face-to-face meetings, we have seen the rise of video conferencing. Cybercriminals are aware of this trend and they can exploit and infiltrate through different entries, such as insecure Wi-Fi, network without encryption, use of weak passwords, and poor or neglected app permissions, among others.”
IT departments globally are facing their biggest networking challenges currently as we see unprecedented numbers of people connecting remotely to corporate networks, putting additional pressure on already strained IT and security infrastructure. Once a device is taken outside an organization’s network infrastructure and is connected to new networks and WIFI, the risks broaden and increase.
“We would like to believe that companies around the world are now aware of the importance of securing their applications and websites, especially with the current shift in the IT environment we now face because of this pandemic. However, the reality is that many organizations are not geared up for people to work from home and are thus trying to understand the challenges in real-time, under exceptional circumstances. While for some, it is more commonplace and now is a good time to re-examine security around remote access to corporate systems,” Yeo said.
There are simple steps that organizations can take or ask people on their network to take to reduce the cyber-risks associated with remote-connectivity.
Kaspersky experts advise the following:
- Provide a VPN for staff to connect securely to the corporate network
- All corporate devices – including mobiles and laptops – should be protected with appropriate security software, including mobile devices (e.g. allowing data to be wiped from devices that are reported lost or stolen, segregating personal and work data and restricting what apps can be installed)
- Always implement the latest updates to operating systems and apps
- Restrict the access rights of people connecting to the corporate network
- Ensure that staff are aware of the dangers of responding to unsolicited messages
Specifically for video conferencing, Kaspersky suggests companies to:
- Assess the security features of the platform you will use
- Be sure that your apps are updated
- Read and set the permissions carefully, both during the conference and in the storage of the conference recording
- For user authentication, use a single sign-on (SSO) so your IT team can track and verify credentials
- Encrypt and secure your network tightly
- Create a video conferencing policy which will set expectations as well as boundaries among all its participants