Tips On How To Stay Secure While Working From Home
Essentially, it means that a lot of people are relying heavily on our own digital infrastructure in order to maintain a secure and effective working flow. It also means that small, mid-market, and family businesses are finding an increasing amount of cyberattacks being perpetrated.
Cybersecurity matters are now more important than ever before. Follow these working from home tips and tips for working remotely to ensure your personal and professional data remain safe from hackers.
How Are Hackers Targeting Remote Workers
Fraudulent activity has seen a rise in recent weeks due to hackers exploiting confusion around COVID-19. The rise in scams comes in the form of disinformation, fraudulent goods, and email phishing campaigns.
“This demonstrates that attackers and hostile actors are capitalizing on the fear and frenzy generated by the pandemic,” said Jack Mannino, chief executive officer at Virginia-based security firm nVisium. “As we continue to be impacted by changes to our way of life, people will become even more reliant on applications and software to provide them with accurate and truthful information. Eroding trust in our systems during a crisis is a perfect way to cause chaos.”
There has also been a drastic increase in the hosting of new domains, with fake websites popping up left, right and center. This is nothing new according to Alex Guirakhoo, strategy and research analyst at Digital Shadows, a provider of digital risk protection solutions in San Francisco.
“In the past, cybercriminals have taken advantage of major global events, such as natural disasters, in similar ways, defrauding charities and impersonating legitimate health organizations like the Red Cross,” he said. “In times of crisis, it is, therefore, even more essential to be prudent and adhere to best practices to combat common social engineering techniques.”
One of the biggest issues for businesses is that certain individuals can be targeted by cybercriminals, often sending specific emails regarding COVID-19 that include medical information, inaccurate data, or attempting to steal personal or business information as well as money.
“When it comes to financial theft, they will either do this directly, by trying to trick you into wiring funds to avoid insurance cancellation or to get an urgent shipment of badly needed items, or they will steal your card number and use it fraudulently,” he said.
Those working from home are likely to take communication tools from work such as the company laptop or company cell phone. Federal officials warn how phishing campaigns are sent via text messages, otherwise known as smishing.
“Consumers can expect to see more of these scams in the coming weeks and months as criminals will very likely use this platform to trick people into clicking a link, calling a phone number or installing an app,” said Karim Hijazi, CEO of Prevailion, a cyber intelligence company headquartered in Columbia, Maryland.
“Anyone of these will lead to information theft or financial fraud,” he said. “They will use a variety of pretexts, including local warnings about infections or quarantine notices of pending health insurance cancellation or claim denial.”
Cell phone attacks are incredibly effective for hackers as they most often trigger immediate responses from their targets. The most common platforms used include SMS, WhatsApp, iMessage, Viber, WeChat, and more.
“Organizations should make sure that their employees’ devices are not running outdated and vulnerable operating systems or applications and that unauthorized software is not installed, as these can put the security of the device and corporate data at risk,” Hazelton said.
The truth is, businesses are incredibly unprepared to have so many people working from home. It means that those employees are at a higher risk of being hacked and the business data being leaked as employees are out of the office and the security of the company’s firewall.
“Home WiFi networks are typically insecure with weak password protection and vulnerabilities in the devices themselves,” he said. “People will also be connecting to their offices via remote desktop tools, which can be hacked or hijacked. In fact, there are many places on the Dark Web that sell stolen remote desktop credentials.”
One of the biggest cybersecurity threats to companies during COVID is employees being on the receiving end of a phishing attack from a hacker pretending to be their CEO or IT manager. These emails will ask employees to sign in to an online portal with their work credentials in order to have access to a business-critical resource.
“The hacker pretends to be the company’s CEO or another employee and tricks the person into conducting a wire transfer or sharing online credentials,” Glassberg said. “I have no doubt we are going to see data breaches and wire transfer fraud as a result of this outbreak.
Attackers will capture those credentials and then can move laterally and vertically throughout an organization until they capture the data or access they desire,” he said. “Organizations without a privileged access management program that can recognize and terminate abnormal identity-behavior will be especially vulnerable to this type of attack.”
Organizations might also be tempted to collect as much information relating to the coronavirus as possible, however, the GDPR maintains that organizations only collect personal data for the purpose that it serves. The GDPR personal data definition is as follows,
“Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Since the definition includes “any information,” one must assume that the term “personal data” should be as broadly interpreted as possible. This is also suggested in the case-law of the European Court of Justice, which also considers less explicit information, such as recordings of work times which include information about the time when an employee begins and ends his workday, as well as breaks or times which do not fall in work time, as personal data.”
Working From Home Tips to Remain Secure During COVID-19
Follow these tips for working remotely to ensure your personal and professional data remain your own.
Understand the threats to your business. Leaders should work in conjunction with their security teams in order to identify possible attacks due to an increasing amount of employees working from home. They should also prioritize the security of their most sensitive data as well as business-critical applications.
Ensure that clear guidance is provided and encourage communication. There should be clear working from home policies that are simple to understand and follow. These will empower employees to make sure their new professional environment is secure. Any suspicious activity should be communicated instantly with internal security teams.
Use cloud storage. If you haven’t yet made use of an external hard drive to back up files, it might be time to invest in cloud storage now. This online tool will allow you and your employers to upload and store files online. These files will be accessible from all devices that are logged into the service.
Cloud storage is also fantastic in a ransomware situation as all of your data is backed up on the cloud.
Ensure employees have an updated antivirus program. An antivirus program will protect employees against malicious exploits including:
Antivirus software should be installed on desktops, laptops, and smartphones to protect your devices in real-time.
Invest in a VPN. For the past few months, there has been a huge increase in sales of VPNs. This is one of the most important tools you can rely on to protect your business data online. A Virtual Private Network will reroute your connection to a server in any location in the world available to that VPN service provider. It masks your IP address making it virtually impossible for hackers to get their hands on your information.
When choosing a provider you should make sure that there is an ample amount of servers available, tight security protocols, zero-knowledge security protocols, and round the clock customer service.
Use an Ad Blocker
Criminals are increasingly turning to ads in order to distribute malware, often catching unsuspecting victims by surprise. Even if you are aware of such dangers it takes just an accidental slip of the finger for you to open up the ad on your desktop, tablet or smartphone to trigger the attack. Additionally, ad blockers are able to help in speeding up loading times as well as help you to keep your device from being bogged down.
Password Managers are Key
Many of us are guilty of creating weak passwords that are easily identifiable by hackers with just a little bit of research. With so much information shared with the public on social media, when your employees use the names of their partners, pets or favorite holiday destinations, it is less than ideal for keeping your business’ privacy intact.
Criminals are getting savvier in their approach to steal user data during the spread of COVID-19. This includes making fake webpages that appear legitimate, but are actually armed with keyloggers. As soon as an employee attempts to type in their login credentials and hits enter, all of that information is going straight to the hacker.
Password managers not only keep your passwords under lock and key, but they are also able to craft unique and impenetrable passwords.
For weeks now COVID-19 has been the reason for tighter restrictions on a global level. People all over the world are facing limits when it comes to their movements, and this has also impacted on their professional life. With so many people working from home, a lot of organizations have been left vulnerable as employees have moved their professional sphere from the office to their homes.
Unfortunately, this means that those employees are likely not as secure whilst active online. The above working from home tips will ensure you and your employees can remain safe while attempting to go about your professional lives from home.