25 February 2021 (MY) – A Malaysia online job survey reported that 67% of the companies required their staff to work from home (WFH) amidst the continuing pandemic situation. Another survey reported that 69% employees want WFH to continue after Movement Control Order (MCO), with 56% of business owners supporting that. Amidst more Malaysians conducting work tasks inside the comfort of their homes, Kaspersky Security Network (KSN) today reveals that it has detected a 33% rise in web threats in the country last year.
KSN is a complex distributed infrastructure that integrates cloud-based technologies into personal and corporate Kaspersky solutions, with cybersecurity related data streams from millions of voluntary participants around the world.
Table: Web threats
“One thing that Malaysians would remember very well about 2020, other than COVID-19, was the shift of major tasks online, mostly inside the four corners of their homes. It is a common scenario to see working parents juggling between doing their jobs and assisting on their kids online classes. The stress of finding balance has understandably affected each of us emotionally and psychologically— which created the best scenario for cybercriminals who have clearly exploited the situation,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
“We have seen several incidents of scams and social engineering tactics last year, which is aimed at tricking the human mind to steal money or information. Most of which used buzzwords related with COVID-19. Avoiding such require a lot of calmness and vigilance, which is a tough one to have amidst the chaos that is the pandemic,” he adds.
Amongst the noticeable factors behind the uptrend of web threats in Southeast Asia were the web-skimmers, which is a form of internet or carding fraud where a payment page on a website is compromised has grown by about 20%. Majority of the web threats were targeted on home users in Malaysia, 17.7% whereas business users at 7.1%.
The Top five web threats in Southeast Asia in 2020 were:
- Malware in web traffic is found during browsing scenarios – when user visits infected site or online advertisement performs unfair action
- Unintentional downloads of certain programs or files from the internet
- Downloading malicious attachments from online e-mail services
- Browser extensions activity
- Downloads of malicious components or communications, performed by other malware
Cybersecurity Malaysia (CSM) urged all internet users to take responsibility for protecting themselves and increase their awareness about such threats.
“CSM’s eSecurity, published last year, highlighted the importance of inculcating a continuous learning culture in cybersecurity. The pandemic has blurred the lines dividing corporate defences and home security. Remote work, online classes, digitalisation across all sectors will continue, at least for 2021, and it is high time for enterprises, of all shapes and sizes, to understand that online threats even against individuals should now be considered as risks against companies. We need to remember, cybercriminals, never sleep. Hence our security solutions should be automated, intelligence-based, and proactive,” adds Yeo.
For companies observing remote work, Kaspersky experts have the following tips to help employers and businesses stay on top of any potential IT security issues and remain productive while staff are working from home:
- Ensure your employees have all they need to securely work from home and know who to contact if they face an IT or security issue.
- Schedule basic security awareness training for your employees. This can be done online and cover essential practices, such as account and password management, email security, endpoint security and web browsing.
- Take key data protection measures including switching on password protection, encrypting work devices and ensuring data is backed up.
- Ensure devices, software, applications and services are kept updated with the latest patches.
- Install proven protection software, on all endpoints, including mobile devices, and switch on firewalls. Small and midrange enterprises can also opt to use a Kaspersky Endpoint Detection and Response Optimum to boost their defences against complex threats.
- Ensure you have access to the latest threat intelligence to bolster your protection solution. For example, Kaspersky offers a free COVID-19-related threat data feed.
- Double-check the protection available on mobile devices. It should enable anti-theft capabilities such as remote device location, locking and wiping of data, screen locking, passwords and biometric security features like Face ID or Touch ID, as well as enable application controls to ensure only approved applications are used by employees.
- In addition to physical endpoints, it is important to protect cloud workloads and virtual desktop infrastructure.
For users, here are the top online security tips for work from home and home-based learning:
- Ensure your router supports and works smoothly when transmitting Wi-Fi to several devices simultaneously, even when multiple workers are online and there is heavy traffic (as is the case when using video conferencing).
- Regularly update your router to avoid potential security issues.
- Set up strong passwords for your router and Wi-Fi network.
- If you can, only do work on devices provided by your employer. Putting corporate information on your personal devices could lead to potential security and confidentiality issues.
- Do not share your work account details with anybody else, even if it seems a good idea at the time.
- Always feel able to speak to your employer’s IT or IT security team if you have any concerns or issues while working from home.
- Follow the rules of cyberhygiene: use strong passwords for all accounts, do not open suspicious links from emails and IMs, never install software from third-party markets, be alert and use a reliable security solution.