Sae Teleworking within COVID-19
As part of the measures to be taken in response to COVID-19, it is important to deal with cybersecurity issues relating to telework and potential abuses by malicious actors.
Remote workers have privileged access to network data, information and resources, so an increase in phishing attempts is to be expected, especially those targeting sensitive accounts.
In addition, special attention should be paid to any request (by email or telephone) that violates company policy and / or that encourages access to company information, especially if done so mention of COVID-19.
PRECAUTIONS TO TAKE
Take precautions when working in a public place to avoid theft of devices and data (all connections must be encrypted).
Use only reliable Wi-Fi networks.
Only use devices and services authorized by the company:
– approved home work technologies;
– a corporate virtual private network (VPN);
– no third-party services if you cannot otherwise access your standard systems;
– approved systems and services for communicating and transferring information
If you need corporate devices to work from home, make sure:
– to have formal approval for the borrowing of this material;
– that the required security solution (s) is or are correctly installed;
– use a VPN and encrypted connection where possible to protect both device data and corporate systems.
Personal devices are generally against organizational policies, but in the case of special authorization, ensure that:
– systems are properly updated;
– systems and software have an up-to-date antivirus solution;
– unnecessary data is not saved (eg Office documents);
– all company-related data will be deleted as soon as it is no longer required.
Personal devices are generally contrary to organizational policies, but in the case of special authorization, ensure that:
– systems are properly updated;
– systems and software have an up-to-date antivirus solution;
– unnecessary data is not saved (eg Office documents);
– all company-related data will be deleted as soon as it is no longer required.
Watch out for phishing attempts – handle COVID-19 email with the utmost caution:
– be wary of messages that inspire a sense of urgency, especially those with attachments or with clickable links “for more information”;
– also beware of the misuse of legitimate brands, in order to provide information related to COVID-19;
– watch for communications claiming to be from the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO).
NOTE TO THE IT SERVICES OF THE ORGANIZATIONS CONCERNED
It is strongly suggested that strong authentication be used for remote access and cloud services. This type of authentication, also called “multi-factor authentication (MFA)”, consists in using, in addition to a password, a second authentication factor such as for example a code sent by SMS to the cell phone, in order to make your different connections.
TALK TO US
We are here to reflect with you. To start the conversation, contact your professional teams at KPMG, write us a note at continuite@kpmg.ca and / or visit our KPMG Resource Center on COVID-19.
Do not hesitate to contact Francis Beaudoin, Partner and National Leader, Technological Risk Advisory Services, as well as Yassir Bellout and Guillaume Clément, Associates, Cybersecurity.
USEFUL LINKS
www.quebec.ca/coronavirus
www.canada.ca/coronavirus
KPMG Resource Center on COVID-19
Source: KPMG-EGYDE