Why has working from home increased the risk of cyber attacks?
The outbreak of Covid-19 forced businesses across the world to implement remote work systems for their employees. The vulnerability of this situation has created a unique cyber threat landscape in 2021, with cybercriminals leveraging the uncertainty and confusion of the pandemic to launch various new attacks. We explore this phenomenon and show you how to protect your business from these ongoing security challenges.
The majority of businesses were unprepared for the events of 2020. Moving from an in-person office environment with a secure network to a remote workforce practically overnight left some gaping security holes. With little time to plan ahead or train their employees, businesses have been left vulnerable – and cyber criminals know it.
Some key cyber security risks that arise from working remotely
- BYOD risks: Without access to office hardware, employees have become increasingly reliant on their own laptops, smartphones, and other devices – many of which are not protected by security measures such as passwords, 2FA/MFA (two-factor/multi-factor authentication), antivirus software, and firewalls. IT departments sometimes have little visibility or control over what these devices are used for, and accessing both personal and business accounts from the same device creates further risk of sensitive files and networks being exposed to security threats.
- Poor password hygiene: When employees use the same and/or easy-to-guess passwords on multiple accounts, their accounts are at risk of hacking attempts, brute force attacks, and password spray attacks. Unless 2FA has been enforced on all accounts and devices, there is little to prevent such attacks from being successful.
- Patching: In an office environment, it’s easy for IT teams to update software and systems regularly, ensuring any security vulnerabilities associated with outdated software are quickly remedied. When working from home, these updates often get overlooked, exposing company systems to attack.
- Public WiFi: Remote employees often choose to work in public spaces and cafes, where they utilise free WiFi networks that lack security controls. These networks are easily intercepted by hackers, who can use them to connect to company accounts and access sensitive data.
- Increased use of email: Communication among a dispersed workforce relies heavily on email and messaging apps. This increased dependence on remote communication has presented more opportunities for social engineering attacks like phishing and BEC (business email compromise) – both of which have risen sharply during the pandemic.
- File sharing: The need to share and collaborate on files remotely has highlighted the need for tighter security controls, as sensitive data is at risk of compromise, while corrupted files or phishing links can expose business networks to malware.
Now we’ve seen some of the top issues with remote workforce practices, let’s look at the types of threats they pose for businesses.
Common business security risks in 2021
Cyber criminals are experts at evolving with the times and they’ve been quick to use the above security gaps to their advantage. Here are 7 of the top cybersecurity threats that are prevalent right now:
Phishing is by far the most common type of cyber threat seen over the past year. Victims are contacted via email by what appears to be a legitimate source with the aim of persuading them to divulge user credentials, or click a link or download that installs malware. Business email compromise (BEC) is particularly prevalent and involves criminals posing as a colleague in order to request information or payments. Phishing variants include ‘whaling’ if it targets top leadership, and ‘smishing’ if the attack comes via text messaging.
Malware comes in many forms but one of the most common recently is ransomware. Often delivered via phishing, this malicious software threatens to expose sensitive information or blocks access to systems and data until a ransom is paid.
- Remote-access trojans (RATs)
This type of malware disguises itself as, or piggy-backs on, legitimate downloads or updates to gain access to and control over systems, as seen in the recent SolarWinds attack. By creating a backdoor into the victim’s system, RATs are often used to initiate advanced persistent threat (APT) attacks, in which the attacker remains undetected for a long period of time, often enabling them to steal information such as intellectual property. Spyware may also be utilised to gather information in this type of attack.
- Insider threats
The shift to remote work has seen a spike in insider threats, both malicious and accidental. In some cases, employees steal information in order to poach clients, to sell to criminal organisations, or to sabotage their company. In other cases, data is accidentally exposed due to poor security practices, negligence, or lack of training.
- DDoS attacks
Distributed Denial-of-Service attacks see perpetrators disrupt a website or service by flooding it with traffic, often using botnets – internet connected robot networks that are controlled by a singular entity. This type of attack is often used as a distraction from another more sinister attack, and has become easier to carry out due to the higher than usual web traffic resulting from lockdowns and remote work.
The rapidly growing popularity and value of cryptocurrencies like Bitcoin has led to a rise in malicious crypto-mining. The attackers surreptitiously access the victim’s system and use its computing resources for mining cryptocurrency.
How to minimise risk of a cyber attack
There are various steps that businesses can take to minimise the risks of remote work, starting with equipment protocols. Businesses can either require remote workers to use only company-issued equipment or enforce security controls on personal devices. These protocols should include using strong passwords, activating 2FA, enabling automatic updates, and installing business-class antivirus and anti-malware software. To eliminate the risks posed by public WiFi networks, organisations can provide a secure VPN for remote logins.
While email security can be enhanced using controls such as spam filtering, user training on security best practices is by far the best way to avoid email-related attacks. Regular and engaging employee training can stop many of the above threats in their tracks by helping users to recognise them in their early stages.
As well as being taught the basics – such as taking a zero-trust approach to emails and not clicking links or downloads in emails – employees should be kept informed of the latest types of phishing attacks, how to spot them, and how to report them. They should also be instructed to use access controls on sensitive data and documents.
Although these steps lower the risk of a cyber attack being successful, it is impossible to eliminate the threat entirely. Businesses must therefore have a robust BCDR (business continuity and disaster recovery) plan in place to ensure they survive the inevitable. This should include the use of advanced threat detection software, constant data backup to multiple locations, and a comprehensive plan for restoring that data if needed. Businesses should also invest in cybersecurity liability insurance to ensure they will not be wiped out by the costs of recovering from a cyber attack.
As the cyber threat landscape continues to diversify, maintaining cybersecurity is increasingly difficult. Without a dedicated cybersecurity team, many businesses find themselves at risk. For this reason, outsourcing cybersecurity management is growing in popularity.
Protect your business from cyber threats
Assembly helps businesses take a proactive approach to cybersecurity and business continuity. To find out how our managed services can protect your business talk to one of our team today to learn more about our capabilities; how we’re bringing people, business and technology together; and what this means for you.