Reflecting on the past year, many businesses faced difficult challenges due to the outbreak of COVID-19. Hours were reduced, employees were sent home, and some were unfortunately forced to close. However, there is cause for optimism as many businesses managed to not only survive, but even thrive, due to the new methods of working and communicating which were implemented in response to the constraints of the period.
As the world adjusts to the disruption of the pandemic, companies may not have paid sufficient attention to their cybersecurity arrangements whilst focusing on the challenge of enabling remote working. Once the crisis has passed, employees may find that the cybersecurity landscape has changed from what they were accustomed to before.
As organisations adjust to their new normal, it is important to be aware of the current trends, changes and advances in the workplace. Whether your company chooses to work from home (WFH), in the office or a hybrid of the two (such as Works), this guide provides an overview of the essential considerations to keep in mind.
What to Anticipate
Cybercriminals are highly experienced and take advantage of any weaknesses they find. Since the onset of the pandemic and more people working from home, there has been an increase in attempts to obtain confidential information, such as client credit card details, through deceiving remote workers into revealing their credentials.
Since then, cybercriminals have taken advantage of the disruption caused by multiple modifications to the prior arrangement. They may attempt to deceive employees by impersonating a superior in an email, and thus gaining access to confidential systems or data, such as the employee’s home router password or a database containing sensitive client information. This practice, commonly referred to as phishing, is expected to continue alongside a number of other malicious activities.
Another video that explains how phishing attacks may change in many ways:
The Recurrence of Old Dangers
As the world continues to grapple with the ongoing pandemic, it is important to consider how existing forms of assault may have grown more dangerous in recent months. This article will explore the different types of assault and the changes they have experienced in the last year.
- Phishing. Let us gain further understanding of phishing. This type of deception can take many forms, such as the one mentioned above, when an employee receives an email claiming to be from a supervisor requesting login credentials. Employees may also receive an email with a link to a fraudulent website that requests such data. The target is commonly asked to provide sensitive information that would give the hacker access to the system.
It’s possible that the new environment may cause workers to be less vigilant about preventing these kinds of assaults once they return to work.
- Ransomware. If cybercriminals are successful in gaining access to a user’s data, they may demand a payment before releasing the data. Even if backups are in place, fraudsters can still threaten to make the information public or accessible to third parties.
Employees returning to the workplace should be aware of this new development and take utmost care to ensure that it does not adversely affect the organisation.
- Tailgating. Cybercriminals often exploit the willingness of people to be helpful. A common tactic is to gain access to a building by pretending to be a visitor, maintenance worker or delivery driver. Once inside, they may be able to access, and in some cases, steal sensitive data, stored either in paper or digital form.
Workers are more likely to fall for this con after the epidemic, when admittance requirements may have altered.
- Traps using USB drives. Cybercriminals are known to exploit people’s willingness to help by leaving USB sticks in public areas. The intention is that these devices will be inserted into computers, potentially leading to infection of the computer and the wider network.
Employees may be preoccupied upon their return to the workplace and forget to pass over the USB stick to IT.
Hackers Flock to Industries with Remote Work
The potential dangers outlined above may be encountered by employees either on their journey back to the workplace or whilst in attendance. Additionally, remote working arrangements present their own distinctive challenges.
- The cloud pounces. The Covid-19 pandemic has led to a rise in remote working, necessitating the implementation of additional cloud services to enable this shift. This approach has the potential to improve productivity and performance, however it also exposes businesses to a range of potential threats, including Denial of Service (DoS) attacks, Distributed Denial of Service (DDoS) attacks, Hypercall, Hyperjacking, and exploiting Live Migration through the Hypervisor.
- Attempts to break into routers. Without adequate security measures, a home router can leave a home network vulnerable to botnet attacks such as distributed denial of service (DDoS), click fraud, data theft, and account takeover. This is typically caused by a work-from-home (WFH) worker not maintaining their hardware to the most up-to-date version or not using a sufficiently robust password. As such, it is imperative that IT departments step in and ensure all WFH workers have a secure system in place.
- In-home electronics. Bring Your Own Device (BYOD) is a growing trend in which employees use their own devices (laptops, mobile phones, etc.) for work purposes. However, this can create security concerns as personal devices may not always be safely locked away. Therefore, it is important for IT teams to implement regulations and protocols for BYOD, especially when employees are working remotely or engaging in telecommuting.
- Free Wi-Fi at a Public Place. It is becoming increasingly apparent that not all those working from home are necessarily telecommuting, with many employees increasingly seeking out public spaces such as coffee shops for their remote working needs. While this presents a viable option for those who are seeking to break away from the confines of the home office, it is important to note that there is a potential threat from hackers who may be able to access personal information from those who connect to unsecure Wi-Fi networks.
Things to Do Right Away
Considering the potential cyber threats that your business may face can be daunting. However, there are a range of measures you can take to protect your organisation, including the following.
- Regular training for staff that teaches them how to recognise and avoid several dangers
- Protection against all potential threats, including those posed by wireless home hubs and other on-premises network infrastructure.
- Model of zero trust in security, with stringent rules for departing workers
It is important to recognise that, despite taking the necessary precautions, there is still the potential for an assault to occur. To ensure that you and your team are adequately prepared for such an event, it is essential to plan in advance.