How Remote Working is Making Cyberattacks Easier to Pull Off
Posted by Norma Stratton on
How Remote Working is Making Cyberattacks Easier to Pull Off
The unique challenges of this year have forced companies the world over to make significant changes and adapt quickly to survive. Many businesses have allowed employees to work from home, and in many cases, this resulted in a positive change. Some stores, for example, have not only endured, but thrived by switching to an e-commerce model. Unfortunately, cyber criminals have also been quick to adapt, with less-than-desirable results.
The necessity for businesses to remain digitally connected has resulted in an increase in ransomware attacks. And not only have they increased in number, but they have also become increasingly effective. Virtually every sector, including government, has encountered hackers breaking in and encrypting files or even servers with ransomware, followed by a demand for payment in Bitcoin. Some of these ransoms can reach hundreds of thousands or even millions of dollars.
With so many employees now working at home, away from the company firewall, on multiple different devices and multiple networks, vulnerabilities are appearing. Many employees are working from home for the first time and being distanced from the company increases the likelihood of making poor decisions about security. In an office environment, it is easy to ask coworkers for advice when faced with something suspicious, but working at home, they are making decisions on their own, sometimes with unfortunate results. Cyber criminals are aware of this and taking full advantage.
Phishing attacks are seeing an increase now that so much business is being conducted via email. Hackers can customize their phishing email to target employees withing a particular organization. Victims will be prompted to enter their Microsoft Office 365 username and password, which will provide hackers a point of entry for the network.
Working from home means that employees are using residential internet rather than operating at a business level. They are working on a network that family members use to watch Netflix or play online games. Worse, the employee may have only the one computer, using it for work, but also for social media and shopping. This could allow a cyber criminal to attack their personal email address, and if opened on the right device, gain access to the business network.
Previously, attackers would need to target corporate email accounts, but personal accounts tend to have fewer controls, providing the cyber criminal with new opportunities. Some attacks have begun with someone opening an email from their personal account on a corporate computer.
Should an attacker manage to successfully compromise a home user’s computer, they need only wait for that user to eventually connect to the corporate VPN and then they can make their move just as if they had connected to an office computer. They will try to access new privileges, perhaps even gaining administrator-level rights, allowing them to spread their ransomware throughout the network.
At-home workers may be working unusual hours as they juggle home and work responsibilities. This can make it difficult for security teams to notice and identify unusual network activity, allowing cyber criminals to act unseen.
What can businesses and workers do to defend against attackers?
To begin with, training is vital. Staff should be aware of what to watch for in phishing emails and other online activity. This should be combined with a technical defence. Many organizations do not keep an offline backup of their data but doing so would allow for the restoration of the network without having to pay off cyber criminals.
Multi-factor authentication should be put in place so that in the event of a password being given away or discovered, a second layer of defence will help defend the network. Security patches should always be applied as they become available as they shore up your defences and address known weaknesses.
Although working remotely has offered cyber criminals new opportunities to ply their trade, steps can be taken to defend against them. A combination of proper training and other defences can help to deter criminals and keep your organization safe.
Every business should assume they have either been attacked, are being attacked, or will be attacked. Fast detection and swift response are the small business owner’s only defense.
You can access my Free Ebook=> “WHAT’S AT STAKE FOR YOUR BUSINESS?”
If you suspect you may have a data breach. It is essential to get it check out immediately.
We hope this information is helpful we want to make this as easy as possible for you, eliminate the learning curve, and inform you all about the dangers your company may face when exposed to cybersecurity.
We love hearing your feedback and on your cyber concerns
Safe Harbour Canada | Safeharbor USA | “Smooth Sailing"
If you have an imitate concern about Cyber Security or would like to chat. Please don’t hesitate to give me a call a 6042955355 or email me at info@safe-harbour.ca