Coronavirus has claimed hundreds of thousands of lives across the continents and locked down in quarantine the whole countries. The daily life has changed for millions of people as companies around the globe have rolled out the mandatory remote work policy.
But as the “home office” at a totally unprecedented scale becomes the new normal, it also raises a cybersecurity topic to be more and more relevant.
Cybercriminals are exploiting disruption, caused by the coronavirus. Vulnerabilities in the security protections of medical facilities, factories, financial institutions and even households are used to carry out a range of phishing and malware attacks.
The industry experts agree, that the global pandemic is able to catalyze changes in technologies and their regulations. More people might become victims of cyber attacks, as various malicious threats spread across the internet. Furthermore, not only the remote workers pose a risk to their privacy but working from home could also result in a breach in the company’s network security.
Online threats to remote workers
Unsecured wifi networks. During the quarantine, most people will be working from home, where they are able to use secured wifi. However, some of them might still use unsecured public wifi networks which are prime spots for malicious parties to spy on internet traffic and collect confidential information.
Personal devices and networks. Many workers will be forced to use personal devices and home networks to complete their work tasks. These will often lack the tools built in to business networks such as strong antivirus software, customized firewalls, and automatic online backup tools. This increases the risk of malware finding its way onto devices and both personal and work-related information being leaked.
Scams targeting remote workers. Cybersecurity specialist witnesses an increase in malicious campaigns targeting remote workers.
Strong passwords. It’s important to ensure that all accounts are protected with strong passwords, that should be unique for every account and should comprise a long string of upper and lower case letters, numbers, and special characters.
Unfortunately, many people still use the same password across multiple accounts. This means that all it takes is one compromised password for a criminal to take over all of person’s accounts.
Two-factor authentication. A strong password only is not enough. Two-factor authentication (2FA) and two-step verification (2SV) give an additional security layer to the accounts.
The extra step could be an email or text message confirmation, a biometric method such as facial recognition or a fingerprint scan, or something physical, such as a USB fob.
Use of VPN. A VPN encrypts all of the person’s internet traffic, so that it is unreadable to anyone who intercepts it. This keeps it away from the prying eyes of any snoopers, including the Internet Service Provider (ISP), government agencies, or hackers.
Firewalls. Firewalls act as a line defense to prevent threats entering the system. They create a barrier between the device and the internet by closing ports to communication. This can help prevent malicious programs entering and can stop data leaking from the computer, tab or smartphone.
Antivirus softrware. A good antivirus software can act as the next line of defense by detecting and blocking known malware. Even if malware does manage to find its way onto device, an antivirus may be able to detect and in some cases remove it.
Secured home router. Changing the router password when it was first installed is important for those who don’t want to leave their home network vulnerable. Another step is to make sure firmware updates are installed so that security vulnerabilities can be patched. The encryption should be set to WPA2 or WPA3. Restrict inbound and outbound traffic, use the highest level of encryption available, and switch off WPS.
Installing updates. Updates can be a source of annoyance, but they are really important. Updates often include patches for security vulnerabilities that have been uncovered since the last iteration of the software was released.
Data back up. Data can be lost in a number of ways, including human error, physical damage to hardware, or a cyberattack. Ransomware and other types of malware can wipe entire systems without the owner having a chance to spot it.
No remote desktop tools. Many employers will be allowing employees to access their work networks via Remote Desktop Protocols (RDPs). While this can be secure, a 2019 Check Point study found security problems with some of the most popular RDP tools for Linux and Windows.
Carefull for phishing emails. Phishing emails are used by cybercriminals to “phish” for information, that can be used in credit card fraud or account takeover fraud.
To spot a phishing email, check the sender’s email address for spelling errors and look for poor grammar in the subject line and email body. Hover over links to see the URL and don’t click links or attachments.
Encrypted communications. It’s common to communicate with fellow workers through emails. However, if they include sensitive information and the employer doesn’t provide secure methods of communication, the best way for the remote worker is mainstream messaging services such as Signal, WhatsApp or Telegram, that come with end-to-end encryption.