Digital user education really is more important now than ever

08.04.2020

By Vinaya Sheshadri, Principal Security Consultant

As the threat of coronavirus continues to spread, more businesses are asking their employees to work from home. This means taking their laptops and company data with them, giving hackers greater opportunity to exploit and infiltrate corporations.

Most members of staff have probably never worked from home before, and now everyone is starting to at once. Given that, according to Devon Milkovich of cybintsolutions, “43% of cyber-attacks target small business out of which 62% are experienced phishing & social engineering attacks”, digital user education really is more important now than ever.

This sudden, nationwide transition to remote working will put a significant strain on IT support staff. Not only are they helping people set up home offices, but there are now also more ways for hackers to exploit people.

So, here are some of the things people need to be vigilant for while working from home:

1. Phishing

Phishing is a well-recognised way to steal information from an innocent victim. And despite its bad reputation amongst users, it remains quite successful. It typically involves hackers sending an email to the target, seeking information that might help with a more significant crime.

EXAMPLE

Coronavirus phishing scams started circulating in February – preying on fear and confusion about the virus — and they’ve only proliferated since. A few weeks back, Brno University Hospital in the Czech Republic — a major Covid-19 testing hub — suffered a ransomware attack that disrupted their operations and caused numerous surgery postponements.

In this time of struggle, that’s the last thing an organisation wants to face, especially one on the front line of the fight against Covid-19. Kaspersky, a cyber security solutions company, has also stated that many hackers are now disguising their efforts, such as email scams or fake websites, under the name of life-threatening epidemics like Covid-19. This may seem unthinkable, but it’s extremely common for scammers to exploit situations of suffering for their own profit.

So what can you do to avoid phishing? Think twice before opening an email from unknown sources, avoid suspicious or unreputable links, and double-check anything you are unsure of with your IT support team.

2. Scams targeting remote workers

We’ll likely see an exponential increase in malicious campaigns targeting employees working from home. What’s more, with many employees lacking the resources for or ability to start remote working, the prevalence of ‘work-from-home’ scams is likely to rise.

EXAMPLE

If your friend sent you an email with the subject, “Check out this site I found; it’s really useful for protecting yourself from Coronavirus,” you might not think twice before opening it. By taking over someone’s email account, a fraudster can take advantage of relationships and make the recipients of their scam believe they’re receiving email from someone they know. The primary objectives include spreading malware and tricking people out of their data.

As more people are utilising digital communication while working from home, these scams are due to increase. And when your email inbox is already more full than usual – you may not notice something suspicious amongst everything else.

3. Using personal devices and networks

A large proportion of employees will never have worked from home, and so they may not have a company-issued laptop. In turn, they will have no choice but to use personal devices and home networks for work tasks.

But personal devices often lack the right cyber security tools that generally come built into business networks, such as strong antivirus software, customized firewalls, and automatic online backup tools. This increases the risk of malware finding its way onto devices and both personal and work-related information being leaked.

Try to reduce this by setting up a virtual desktop infrastructure (VDI) to separate your company data from personal data. Private cloud storage is also a viable option. This ensures not only that the company-owned information is protected from outside access, but it also keeps your employees’ personal data private.

4. Unsecured Wi-Fi networks

Most remote workers will be working from the comfort of their home with a secure Wi-Fi connection, but some may have to use unsecured public Wi-Fi networks. These are prime spots for malicious parties to spy on internet traffic and collect confidential information.

Try to avoid these unsecured Wi-Fi networks wherever possible. If your network is not secure, talk to your IT staff and make sure you get a dongle to increase privacy. Unfortunately, this may not support high-performance connections such as video calls, but at least it will provide you with secure communication.

The steps you can take to protect yourself while working from home:

1. Use a VPN

A VPN encrypts all your internet traffic, so that it’s unreadable to anyone who intercepts it. This keeps your data away from the prying eyes of any snoopers or hackers. Regardless of whether you’re using a personal or company-provided laptop, always try to use a VPN when you can.

2. Two-factor authentication (2FA)

Two-factor authentication (2FA) involves an additional step to authenticate users, adding an extra layer of protection to your accounts. This includes steps like sending a text when you log in to a new device. Most applications support this, so try to use it wherever applicable.

3. Install updates regularly

People tend to delay their software or application updates as long as possible to avoid the nuisance of a system restart. But keeping up with the latest software is extremely important as updates often include patches for security vulnerabilities that have been uncovered since the last iteration of the software was released. This is a quick way to improve your digital safety.

4. Use strong passwords

When registering for a new account online users are often prompted to create a strong password with a mix of letters, numbers and cases. This is to help avoid hackers accessing your information. There are tools, like LastPass, which not only save your existing password securely but also help you to create strong passwords.

5. Set up firewalls

Firewalls act as the first line of defence to prevent threats entering your system; they create a barrier between your device and the internet by closing ports to communication. This can help prevent malicious programs entering and can stop data leaking from your device. If your antivirus software doesn’t include host firewall protection, try to enable the Windows (or other OS) default firewall.

6. Use an antivirus software

Although a firewall can help, it’s not always 100% effective at deterring hacks. A good antivirus software can act as the next line of defence by detecting and blocking known malware. And with EDR you can even block zero-day threats or unknown threats.

7. Back up your data

Data can be lost in several ways, including human error, physical damage to hardware, or a cyberattack like ransomware and other types of malware which can wipe entire systems before you have time to spot or stop them. Clearly, there are plenty of reasons to keep your data backed up. You can do this to a local disk, cloud backup or company network storage.

8. Beware remote desktop tools

Many employers will be allowing employees to access their work networks via the Remote Desktop Protocol (RDP) and similar remote desktop tools. So be vigilant about malicious software, such as fake versions of tools like TeamViewer.

9. Look out for phishing emails and sites

To identify a phishing email, double-check the sender’s email address for spelling errors and look for poor grammar in the subject line and the email itself. You can hover over links to see the URL and check whether it’s real or a scam. Don’t click any links or attachments unless you trust the sender 100 percent. If in any doubt, contact the alleged sender using a phone number or email address that you find somewhere other than in the suspicious email.

What companies can do

Given that the coronavirus pandemic shows no signs of ending, organisations will continue to build out their working from home strategies. In fact, 67 percent said they’ve seen positive outcomes in having a majority remote workforce. Also, the process has reinforced the need for emergency response planning, disaster recovery and business continuity technology investment, and multi-factor authentication.

Companies also need to make sure employees are up-to-speed with the latest information on coronavirus. It’s now part of their responsibility to ensure employees know how to protect themselves and their families from the virus itself, as well as all the fraud artists following in its wake.

Following these steps will go a long way to protecting your data. They should be taken not only during the pandemic but as general practice.
