Last year proved tumultuous for businesses, as the COVID-19 pandemic wrought havoc on unprecedented scales. Reduced hours, furloughed employees, and closures were commonplace. Yet, there are glimmers of hope as businesses not only survived, but also prospered through innovative methods of communication and collaboration that emerged as a response to the challenging climate.
As the world adapts to the pandemic’s upheaval, companies may have overlooked the significance of their cybersecurity measures in the scramble to facilitate remote work. Post-crisis, employees may discover that the cybersecurity terrain has altered significantly from their pre-existing familiarity.
As companies settle into their revised routines, staying abreast of the modern workplace’s ever-evolving trends, amendments and improvements is crucial. Whether your preference leans towards remote operations (WFH), onsite working or a blend of both (as implemented by Works), this handbook offers a comprehensive overview of important factors to keep in view.
What to Expect
Cybercriminals possess extensive expertise and exploit any vulnerabilities they detect. With the pandemic’s advent and the rise of remote work, there has been a surge in efforts by cybercriminals to deceive remote workers into disclosing their login credentials to obtain sensitive information like client credit card details.
Subsequently, cybercriminals have exploited the turbulence created by several alterations to the earlier protocol. They might impersonate a higher-up in an email to dupe employees into divulging their home router passwords or gain entry to privileged systems or data, including databases containing sensitive client data. This strategy, commonly known as phishing, is predicted to persist alongside various other malevolent activities.
Here’s an additional video that elucidates how phishing attacks might undergo multiple variations:
The Resurgence of Past Threats
As the pandemic persists, it is essential to consider how previously known forms of attack may have intensified over the past few months. This essay delves into the various kinds of assaults and the alterations they have undergone in the last year.
Phishing.
To comprehend phishing better, let’s examine it in more detail. This type of fraud can take various shapes, such as the one stated above, wherein an employee receives an email purporting to be from a superior, requesting login credentials. An email with a link to a counterfeit site that solicits sensitive information is another common approach. The objective typically involves obtaining user credentials that allow the hacker access to the system.With the return of workers to the workplace, the new milieu may cause them to be less cautious about preventing these types of attacks.
Ransomware.
When cybercriminals successfully gain access to a user’s data, they may demand a ransom payment before releasing it. Even in cases where backups are available, fraudsters can still coerce their victims by threatening to expose or share the information with third parties.Tailgating.
Cybercriminals frequently take advantage of people’s helpfulness. A typical strategy involves pretending to be a visitor, maintenance worker or delivery driver to gain entry to a building. Once inside, they may be able to access and, in some cases, pilfer sensitive data stored in either physical or digital formats.Following the epidemic, when access requirements may have changed, workers might become more susceptible to this scam.
USB Drive Traps.
Cybercriminals have been documented leveraging people’s helpfulness by leaving USB drives in communal areas. The goal is to manipulate someone into plugging the device into their computer, which could result in the computer and the entire network becoming infected.Upon their return to the workplace, employees might be distracted and overlook the need to turn in the USB drive to the IT department.
As workers prepare to resume onsite operations, they need to be mindful of this current development and exercise the utmost diligence to prevent any adverse outcomes for the organisation.
Remote Work Draws Hackers to Industries
The potential hazards detailed above may confront workers during their return to the workplace and while on site. Furthermore, remote working conditions pose their own unique set of challenges.
The Cloud strikes.
The Covid-19 pandemic has resulted in a surge in remote work, requiring the adoption of additional cloud-based services to facilitate this transition. While this approach has the potential to enhance productivity and performance, it also exposes businesses to a range of possible threats, such as Denial of Service (DoS), Distributed Denial of Service (DDoS), Hypercall, Hyperjacking, and exploiting Live Migration via the Hypervisor.Router Hacking Attempts.
Inadequately secured home routers can leave home networks open to botnet attacks such as distributed denial of service (DDoS), click fraud, data theft, and account takeover. This usually results from a work-from-home (WFH) worker failing to keep their hardware up to date or not using a strong enough password. It is hence critical for IT departments to intervene and guarantee that all WFH employees have a secure system in place.In-home Electronics.
Bring Your Own Device (BYOD) is a rapidly increasing trend where employees employ their personal devices (laptops, mobile phones, etc.) for work-related activities. However, this can lead to security issues since personal devices may not always be securely stored. Hence, it is crucial for IT teams to institute regulations and protocols for BYOD, particularly when employees are working remotely or telecommuting.Public Wi-Fi hotspots.
It is becoming increasingly evident that not all remote workers are engaging in telecommuting, with many opting to work remotely from public spaces like coffee shops. While this presents a viable alternative for individuals seeking to break away from the monotony of a home office, it is important to recognize that connecting to unsecured Wi-Fi networks poses a real threat from hackers who may be able to access personal data.
Immediate Action Items
Contemplating the possible cybersecurity hazards that your company may encounter can seem overwhelming. Yet, numerous actions can be taken to safeguard your organisation, such as the ones listed below.
- Consistent employee training for recognising and avoiding several dangers
- Protection against all possible threats, including those presented by wireless home hubs and other on-premises network infrastructure.
- Implementation of a zero-trust security model with strict rules for departing personnel
It is paramount to understand that, despite taking the requisite measures, there is still the possibility of an attack. To guarantee that you and your team are sufficiently prepared for such an occurrence, it is necessary to plan ahead.
