By Jean Larroumets, President of EGERIE
As the risk of cyber-attacks increases due to companies’ expansion of remote working, EGERIE provides advice.
In these difficult times that impose confinement and encourage remote working to the maximum extent possible, some hackers rub their hands with glee. We need to be more vigilant. Just a few days ago, in the midst of the coronavirus crisis, hospitals in Paris were the victims of a cyberattack. It was a so-called denial-of-service attack. This involves generating a huge amount of simultaneous connections to overload servers and cause outages. But sometimes hackers also use ransomware, an electronic hostage-taking of data in exchange for a ransom. A virus is injected into the company’s system or messaging and the company responsible for paying a ransom to the hacker – with no guarantee of getting rid of it.
EGERIE, which publishes software solutions to support companies in implementing a strategy to protect their data, has been advocating the concept for several years: we must anticipate! Most disaster scenarios have been considered and analyzed in recent years to proactively prepare companies for the situation they face today. However, some companies have not heard this approach and are likely to be caught out without a plan of action – and to bear the brunt of it now.
“This is our DNA at EGERIE: anticipation,” says its leader Jean Larroumets. So, what advice?
Already, in the context of remote working, the companies that do best (except of course those in the digital sector) are those that allow their employees to use the cloud with remote access, the advantage being that “You can work from anywhere”. Of course, some companies such as those in the defence sector have so far not promoted telework and the use of the cloud for fear of having their confidential data leaked. We can understand their concerns. As a result, employees are stuck today or work “in degraded mode» as Jean Larroumets points out, with the risks mentioned above.
In addition, the intranet services of many companies are now being upgraded and are often dysfunctional due to the increase in the number of employees in telework situations. It is possible to draw the conclusion that if these companies had anticipated the principles and risks of remote working, they would not be as vulnerable today. It is up to them to draw consequences for the future.
Also beware of sensitive or strategic information transferred from unsecured equipment, such as laptops or personal tablets. Again, the companies that prepared for it were careful to provide adequate equipment to their employees (desktop, mobile phone and personal line…), with corporate level security, but many companies have taken a blended or staff-provided approach meaning that often corporate data is kept on personal devices. Hence Jean Larroumets’ advice to teleworkers: “Professional and personal uses must be separated so as not to generate harmful risks to the company.”
To protect his devices, there is nothing like a little tour of the site https://www.gov.uk/service-manual/technology/securing-your-information. This UK government platform for advice on digital risk assistance and prevention calls suggests actions that Internet users can take to strengthen their vigilance measures in times of pandemic. It provides a non-exhaustive list of best practices to adopt and pitfalls to avoid such as phishing.
Jean Larroumets raises another technique, the so-called “president fraud», which involves the hacker impersonating the CEO or Directors of the company by impersonating him to commit budgets and embezzle money. “There have been cases in the region,” says the Varese expert, and indeed cases across the UK and European region.
To fight digital viruses effectively, a user does not sleepwalk through automatic processes. They save their data, change passwords regularly, do not click on links whose origin is not known «There is a need to have a health of safety. These are reflexes like washing your hands. Quite a symbol in the period of COVID-19.”