Since the emergence of the Covid-19 pandemic, working from home has become a part of many people’s lives. According to WHO hackers and cyber scammers are actively seeking to take advantage of the Covid-19 pandemic, sending fraudulent emails and Whatsapp messages containing malicious links or attachments.
With this in mind it is argued that employees are the most vulnerable part of a businesses’ security defence. An article published by Forbes supports this opinion that working from home actually puts a business at risk.
What causes the risk?
- Home Wifi
Working from home of course results in employees using their own wifi. However, this means that the business and IT administrator have no control. Home wifi tends to have weaker protocols. For example, WEP instead of WPA-2. This can result in hackers gaining access to the home network.
- Insecure Passwords
Simple passwords are very easy for hackers to solve. Similarly it can be noted that many people tend to use the same passwords across several platforms. This can enable hackers to gain access to multiple accounts.
- Human Error
It has been argued that human error plays a significant role in cyber security breaches. For example, misaddressed emails, or confidential data sent to insecure home systems
“One of the biggest potential threats comes from the fact that people tend to act differently when they’re working from home. They’re not in the same corporate mindset, they’re more relaxed and operating outside the security protocols normally taken for granted.”
– Stephen Bowes
Head of technology at BSI Cyber Security and Information Resilience
What are the signs?
Cyber attacks are extremely common. Therefore it is important to be able to recognise the signs in the event that a cyber security breach happens to your business so you can take immediate action. It should also be noted that not all attacks are visual, some may take place in the background so there may be no suspected suspicious activity. In fact, as mentioned in our previous blog with Paul C Dwyer, the average time hackers have been on networks is about 7 or 8 months before they’re even caught.
- Computer slowing down: A hacking attempt can result in spikes in computer networks. Employees should alert IT administrators if they are experiencing a slower network than usual.
- Strange pop up ads: Websites and unknown pop ups could contain malware and ransomware. Employees should avoid clicking on suspicious pop ups.
- Suspicious email address: Email phishing is a method used by hackers to access sensitive data while pretending to be a trusted company. Employees should ensure to check for grammatical errors in both the email address and email copy.
- Attempted password reset: It is common that employees will receive updates regarding a password reset that they have not requested themselves. In this case, IT should be alerted immediately.
- File encryption: If your file has been encrypted you will no longer be able to open it as its name will be changed and the system will not recognise it. Employees should ensure that all files are backed up so that important data is not lost.
In the case of any of the above suspicious activities, IT administrators should be alerted.
How can you mitigate risk?
It is not a question of if a business experiences a cyber attack but when. Therefore it is vital that businesses actively attempt to reduce this risk and act with caution. As employees are forced to work at home, it is vital that communication remains strong and any suspicious activities are immediately reported.
- Plan for an attack: In planning for an attack, businesses will be able to identify and discover vulnerabilities in their security, enabling them to decrease risk.
- Take the same precautions as would be taken in the workplace: Any suspicious emails or contacts should be immediately alerted to the IT administrator. Similarly, the above signs should be noted.
- Train Employees: Working from home is new to many employees. We suggest that training is provided around the security of devices and IOT outside of the workplace. For example Secureclick offer training in email phishing, cyber security awareness and ransomware prevention training.
- Password Hygiene: Default passwords on devices should be changed. Using a two-factor authentication can help provide an extra layer of security. This allows the user to receive a one time password to their chosen device, ensuring only the right people have access. It should also be noted, in creating passwords you must think of hard to guess passwords. This comes after it’s been found that some of the most commonly hacked passwords were “12345” or in some cases, the term “password”. Passwords should be updated regularly, best practice is every 6 months.
- Virtual private networks: Virtual private networks are a great way to secure data between remote workers and company systems. It is recommended that these networks are rolled out in phases which contain trials and tweaks in a safe environment. Businesses should ensure that all employees have up-to-date security protection on their devices. For example, virus checkers, firewalls and device encryption.
- Protect Video Conference ID’s: Zoom Ids should not be shared in a public forum. We recommend that waiting rooms are created for attendees, this ensures that users be admitted prior to entrance. Meetings can then be locked when all attendees are present. Similarly, meetings can be password protected.
Cyber Science 2020
At this years Cyber Science 2020, one of the co-located conferences will be Cyber Security. Be sure to attend to hear our speakers’ best practices and insights from industry and research. If you enjoyed this blog be sure to take a look at one of recent blogs on Paul C Dwyer Cyber Crime and the rise of Cyber Consultancy. Paul will be delivering keynote at this years conference. Registrations are open for Cyber Science 2020, join in from anywhere around the world, don’t miss out!