informações de segurança, alertas para atualizações e novos produtos.

Information security in times of COVID-19

The security of corporate information cannot be neglected and must be taken into account in the context of teleworking, because despite the benefits brought by this way of working, there are a whole series of new types of vulnerabilities to be exploited by hackers. ...

Remote work or teleworking is already a reality in practically all companies that have suffered the consequences of the outbreak of COVID-19, because with the social exclusion measures to prevent contagion, many teams have been forced to work from home .

This phenomenon brings, in addition to many benefits, some risks that must be considered, in terms of information security. According to the security company Sophos, there are currently in Portugal about 8400 connections potentially vulnerable to attack.

All of this vulnerability is a good opportunity for hackers to carry out attacks such as phishing campaigns, DDoS and Ransomware. To help prevent these attacks, CNCS (National Center for Cybersecurity) has released some good practice advice for teleworking, such as:

  1. Use only devices authorized by your organization;
  2. Do not share these devices with family members;
  3. Ensure with your organization's computers that the devices are up to date and have antivirus and firewall enabled;
  4. Make regular backups to an external device;
  5. Avoid using public spaces wifi and always use your organization's VPN;
  6. Do not open emails or SMS from strangers and organizations from which you have not requested services, and do not click on links or attachments (beware of phishing related to the COVID-19 pandemic);
  7. Do not share professional information on social networks;
  8. Make sure your home wifi has a strong password.

SPB helps its customers by transmitting some important tips in the face of this new context that we are experiencing. The following are the main advice dedicated to any organization:

  1. Monitor your infrastructure frequently to discover vulnerabilities;
  2. Have a well-defined access policy;
  3. Whenever possible, use end-to-end security;
  4. Whenever possible, use two-factor authentication in all your applications;
  5. Validate the security of your systems through rigorous intrusion testing and vulnerability analysis; Protect your cloud;
  6. Protect yourself against Ransomware;
  7. Bet on training and make your users as aware as possible of these new needs.