Search
Close this search box.
Technology

Firm Details

KATS Law
+ 256 41 233 770
Radiant House, Plot 20 Kampala Road Kampala Uganda
+ 256 41 257 544
English and Swahili

How to detect cyber security threats

Cybersecurity

The COVID-19 pandemic has forced organizations to embrace widespread remote work for their workforce. The sudden changes have led to increased use of internet based work platforms and cloud based management systems and at the same time exposing many organisations to major cybersecurity threats.  

What are the increased security risks from remote working

Employees which would normally connect to the internet behind secure networks and additional security systems may no longer have access to company officesโ€™ secure networks. VPN usage is now a lifeline for staff to access office internal network resources, however VPN servers in place may not be designed to handle the load of a fully remote workplace.

Insecure and misconfigured VPN connections are likely to pose major security attack against organisations.

Most staff have resorted to using personal personal devices to carry out work functions and access official data and applications. These devices may already be compromised or otherwise poorly updated and protected.

Furthermore, many individuals share login accounts amongst family members or do not protect their user account at all.

COVID-19 related cyberthreats have also been spotted as opportunistic cybercriminals exploit our collective anxiety and need for information and certainty about the pandemic. Phishing emails and forwards on social media may succeed in socially engineering your staff into compromising devices, accounts, and services.

Lastly, the advent of frequent remote work may lead staff to improvise in selecting cloud services which do not meet the security or compliance needs of their organisation.

How to detect cybersecurity threats

Many companies are unprepared and donโ€™t have security detecting tools in place making it difficult to detect malicious activities.

Organizations should evaluate the security defense mechanisms in place and explore into hiring cybersecurity experts to help them identify the loopholes in their systems and recommend security systems tailored for the needs of each organization.

Companies need to work closely with cybersecurity experts to understand risks engendered by remote work as they pertain to organisational systems, processes, and policies. This may involve;

  • A close review of the companyโ€™s VPN configuration,
  • Consideration of secure gateway solutions for remote workers,
  • Reviews of security for organisational intranet and extranets and ,
  • Review of  user account security and mobile device management configurations.

What should companies do to counter security threats and ensure compliance  

Given the stress experienced throughout this pandemic, staff are less likely to review organisational policies to know what to do.

It is advisable for companies to summarise the most important and actionable information for their staff including expectations for devices, authorised cloud applications, and emergency response contacts.

Companies need to train their staff and create awareness of security threats, how to detect them and what is expected of them to protect their organisations.

Sensitize their employees around information security outside of the office space.  Restrict working in public spaces or accessing public wifi. Working from public spaces should be restricted and organization should utilize technologies that ensure confidential information remain secure on their employeeโ€™s devices in the case of theft or damage.

Use of personal devices should be discouraged , otherwise, security standards should be set up for the use of personal devices accessing company resources.

Companies should conduct remote staff awareness programs on cybersecurity threats such as phishing and malware.

Adopt centralised solutions to help ensure that staff utilise secure internet connections, secure data on their devices, evade malware, and meet security baseline requirements on their devices and accounts.

Organisations which do not have any or sufficient internal capacity are advised to consult or work with cybersecurity and data protection professionals to help them detect cyber breaches and comply with data protection and confidentiality regulations.

We also advice that companies regularly update their remote working policies or practices with an emphasis on cyber security during and post COVID-19 era.

Article compiled by Alice Namuli Blazevic of Ugandan member firm Katende, Ssempebwa & Co

Media

Explore our news articles, specialist publications and browse through our webinars and gallery

What We Do

Explore our range of expertise, and see how we can help you.
Banking, Finance, Investment Funds & Private Equity
Business Crimes & Investigations
Competition Law
Construction & Engineering
Corporate Mergers & Acquisitions
Cyber Law, Block chain & Technology
Dispute Resolution
General Business Law
Healthcare and Life Sciences
Infrastructure, Energy & Projects
Insolvency & Business Restructuring
Intellectual Property
Labour & Employment
Local Investment Laws and Indigenisation
Media, Broadcasting & Communications
Mining, Environmental & Resources
Property Law and Real Estate
Tax

Member Countries

Explore our member firms by country

Algeria
Angola
Botswana
Burkina Faso
Cameroon
DRC
Egypt
Equatorial Guinea
Eswatini
Ghana
Guinea Conakry
Ivory Coast
Kenya
Lesotho
Malawi
Mali
Mauritius
Morocco
Mozambique
Namibia
Nigeria
Rwanda
Senegal
South Africa
Tanzania
Tunisia
Uganda
Zambia
Zimbabwe