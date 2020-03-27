There has been an increase in the number of cyber attacks on personal computer networks and routers since professionals were asked to work from home in the wake of the COVID-19 outbreak in the country, the national cyber security agency said Friday. .

"Cybercriminals are exploiting the COVID-19 outbreak as an opportunity to send phishing emails claiming to have significant updates or encourage donations, posing as trusted organizations," CERT-In said in its latest advisory to Internet users. .

India's Computer Emergency Response Team (CERT-In) said the phenomenon has been witnessed as many organizations have asked their staff to work from home to help stop the spread of the coronavirus that has claimed thousands of lives. worldwide and infected millions.

"Switching to remote work due to COVID-19 can create cybersecurity problems for employers and employees.

"There is an increase in the number of cyber attacks on unprotected computers, routers and home networks used by employees who have switched to remote work due to the spread of COVID-19," he said.

With the majority of employees working from home, the agency said, enterprise VPN servers have now become paramount to a company's backbone, and their security and availability should be the focus for IT teams. information).

"It is important that the VPN service is up to date and up to date because there will be much more scrutiny against these services," he added.

The CERT-In also suggested some security best practices and countermeasures in this context: change the default passwords of your home Wi-Fi router to prevent hackers from accessing your network; use strong and unique passwords on each account and device and use two-factor authentication (2FA).

Some other countermeasures include: Disallow the sharing of work computers and other devices. When employees bring work devices home, those devices should not be shared or used by anyone else in the home, he said.

"This reduces the risk of unauthorized or involuntary access to the company's protected information," the notice stated.

He asked users to update VPNs, network infrastructure devices, and devices that are used remotely in work environments with the latest software patches and security settings.

"Only use software that your company would normally use to share files and refrain from using your personal email or third-party services unless you are reliably informed," he added.

It is recommended that even remote user activity be covered by the organization's perimeter security tools, according to the notice.

"Make sure that remote sessions automatically expire after a specific period of inactivity and that they require new authentication to gain access," said the CERT-In.

He also urged IT teams in organizations to remind employees of the types of information they need to protect.



"This often includes information such as confidential business information, trade secrets, protected intellectual property and other personal information," the notice said.

"Additionally, the 'password reminder' functions should always be disabled when employees log in to the company's information systems and applications from their personal devices," he said.

A specific suggestion for IT teams was "consider Mobile Device Management (MDM) and Mobile Application Management (MAM)".

"These tools can enable organizations to remotely implement a number of security measures, including data encryption, malware analysis, and data erasure on stolen devices," he said.

CERT-In is the country's nodal agency to combat cyber attacks such as piracy and phishing and is also mandated to strengthen the security of the country's Internet domain.