
Home Alone: The Cyber Threats
With the quick and unplanned move by many companies to a remote workforce, cybercrime risk grows considerably. The outbreak of the coronavirus has led to a sudden, dramatic shift in the global economy, with unemployment skyrocketing and businesses considered nonessential closed or severely limited.
Even those companies that have remained open for business are experiencing a radical shift in how they operate, with many employees who once worked in the plant or back office now doing their work remotely. And, sadly, in some cases hackers, phishers and other digital lowlifes are using this newly created work environment to ramp up attacks on companies and their data.
Even before the spread of COVID-19, cybercrime was a major concern for U.S. companies, with an estimated $27.8 million in losses suffered by U.S. businesses in 2018, according to Accenture. That number is only expected to grow in the coming years.
Now, with a wave of employees working from home, the opportunities for criminals to find new avenues to penetrate enterprises have grown tremendously.
Aaron Warner, CEO of ProCircular, an Iowa-based company specializing in cyber protection, says the arrival of the coronavirus and rapid deployment of many workers to remote locations upended years of cybersecurity protocol.
Over the past 25 years, IT departments have modeled their efforts at security on the castle doctrine. If you have something valuable you want to protect, you put it on a hill, build walls and a moat around it and deploy individuals to stand atop the walls protecting against incursion. Cyberwalls and border security were the fundamentals of these efforts on the information technology side.
“In the last month, everyone took everything valuable, copied it on their laptop and walked outside those walls. From a security perspective, organizations’ intellectual property has never been at greater risk,” Warner says. “That information is everywhere now, not just inside the castle walls.”
Additionally, the sudden way that so many companies went from day-to-day operations in the office to a majority of staff working remotely left departments unable to develop proper systems before the exodus took place.
“Getting the people to work from home, that was the first goal. The second goal was to secure it. We’re getting a lot of follow-up calls now asking if you are able to scan home networks, not knowing if their networks are secure at all,” Warner says.
Chris Grumboski, president of CMIT Solutions of Oak Park, Hinsdale and Oak Brook in Illinois, agrees. “It was kind of done in a rush, maybe with not all the proper precautions taking place. The main concern is the home network is much less secure.”
Compounding the issue is the fact these home workers are not just doing business remotely and independently, but connecting back to the network. If the machine they are using is compromised, they can bring something back into the work system.
“RDP (remote desktop protocol) has shown to have some vulnerabilities. That’s where a hacker can get you,” he says. Likewise, companies may use some kind of drop box to share files, a system that has less protection than when operated inside the network.
Grumboski recommends using encrypted files when employees are sharing important material from one remote machine to another or back to the network. He also advises employees to separate work from home as much as possible, up to and including the machines they work on.
Many of the typical attacks hackers use to gain access to networks, including phishing and ransomware, pose a heightened risk during the work-at-home routines of the pandemic. This isn’t just because home networks are less secure, but also because the change in work environment may make users a little more comfortable or less alert to risks.
And the risks aren’t just in place in remote locations. The absence of personnel manning the office regularly may also lead to some vulnerabilities. Grumboski says breaches that may have gotten noticed when a full staff was on hand could get overlooked now. He recommends all updates continue to get run and the network monitored as much as possible.
Warner also adds that this is the most important time to ensure backups are working properly. “If you ask your IT service provider or IT department if they’re backing up, the answer is always, ‘yes.’ The important question is, ‘Can you show me the proof you’ve tested those backups?’”
The same basic principle is at work for the home employees. Now it is more crucial than ever to routinely run the daily updates sent out by Windows and other software systems. Users too impatient to allow the system to restart often put off those updates, with days turning into weeks.
“Anytime Windows releases an update, go have a cup of coffee and let it do its thing,” Warner says.
While the coronavirus required a lot of companies to react on the fly, Grumboski suggests they recognize such a shift to remote work could repeat itself in the future, and be better prepared in the event there is a next time.
“Some companies will be looking into expanded firewalls to make it more secure to log in. They’ll be looking at hardware and software upgrades so it can be done with a flip of the switch. They’ll beef up disaster recovery plans.”
“They’ll take all the lessons learned from this to put into their policies and procedures going forward.”
-----------------------------------------------------------------------------------------------------------------------------
5 Tips for Work-From-Home Security:
1. Confirm the sender’s email address. If an email from an otherwise trusted source looks unusual, confirm that the person named on the email actually sent you the material.
2. Look for misspellings, bad grammar or unusual phrases in subject lines and body copy. While coronavirus-related attempts are increasing, they’re similar in type to past efforts, where these types of mistakes proliferate.
3. Don’t download unfamiliar attachments or click on unfamiliar links. If you aren’t expecting a specific file from a specific sender, don’t ever open anything attached to that message, whether you’re at home or in the office. This also goes for links. Encouraging email recipients to click on a Google doc or sheet file is a method for directing users to malicious websites.
4. Activate multi-factor authentication on every account possible. Many phishing schemes try to get you to re-enter a password for common apps or social media accounts with the hope of stealing the password. Multi-factor authentication limits the damage of the theft of a password, as only you will typically have access to your phone or email.
5. Use only private, protected wi-fi networks and virtual private network connections. Security experts consider signing in to sensitive office networks with public wi-fi or unsecured networks akin to “swimming in shark-infested waters.” Always use private, password-protected wi-fi networks to work from home and ask a trusted IT provider about setting up a VPN to minimize the risk to devices and data.
(Source: CMIT Solutions)