KryptoKloud have produced a Guide to Secure Remote Working to help keep businesses safe during the lockdown.
Whilst many are offering their tips for best home working practices (exercise, take a lunch break, get dressed), there is a less touted issue surrounding remote working, one with potentially catastrophic ramifications:
What is the risk?
Home networks are always under more threat than office networks due to weaker security postures. Unfortunately, right now every hacker and cyber criminal in the world is very aware that everybody is working from home, so critical company data is theoretically easier to access.
The response has been a significant ramping-up of phishing scams and malicious websites, claiming links to COVID-19, or posing as your employer needing to reset your account.
Long periods of isolation and the general displacement of being away from the office can make it easier to forget stringent measures and double (triple) checking, but now is the time to ramp up your security awareness, not relax it.
What are the common attacks?
Phishing is a cyber crime in which victims voluntarily give access to bank accounts or personal data because they believe they have been contacted by an official organisation (e.g. their employer or bank).
This often begins as an email which looks incredibly authentic, using correct logos and fonts, leading you to a website (also authentic looking) which asks for details. Once you fill these in, the attacker has full access to them.
Other phishing scams include SMS and WhatsApp messages, phone calls, even fake invoices (often with a nasty bailiff threat attached).
Malware (Malicious Software) is exactly what you would expect. Ranging from inconvenient to disastrous, malware does anything from showing unwanted ads and pop-ups to accessing private systems and data.
Ransomware is a type of malware which encrypts users’ computers and prevents them from accessing their data. The hacker will demand a ransom in exchange for decrypting your files, essentially locking you out of your computer until you pay up!
How can we avoid falling victim?
Keeping safe at home is really important and it doesn’t need to be a daunting task.
As a minimum you should:
- Check your home network
- Add multi factor authentication (MFA) to everything
- Check any and all links you are emailed
A lot of this will have been taken care of by your employer, but if you’re unsure of anything, contact your IT support.
Steps that you can personally take can be found in this SANS factsheet, summarised below:
Understand social engineering
Hackers will use specific tactics to leverage information. At the moment this includes scaremongering around job losses and coronavirus.
- This often relies on creating a sense of urgency, deadlines or fear.
- It may encourage you to ignore security policies, or present an amazing offer.
- It may be a message from somebody you know where the tone or wording is off.
Secure the home network
- Reset the default administrator password.
- Set additional passwords for other users which are different to the admin password.
- Create strong passwords, ideally using a password manager.
- Reset your passwords using strong passwords.
- Use a password manager to securely store them.
Stay up to date
- Keep all systems and applications up to date with the latest versions and regularly check this.
Keep work & family separate
- If you can set up guest options on your router make sure you do.
- Make sure family and friends know they cannot use your work devices for any reason and keep them out of reach of children.
KryptoKloud offers proactive 24/7 365 monitoring and detection capabilities (even more so for remote / home working) which give protection against the main risks above.
For the next 3 months, we can offer FREE licensing of our BRONZE KryptoSOC 360 for up to 50 users – covering Desktops / Laptops & Mobile devices.
Contact us today [email protected] to register your interest and we will get you covered asap.