You’re sitting at the kitchen table trying to work. Your monitor, laptop, keyboard, and notebook are squeezed onto the same small surface your partner is having breakfast at (and spilling milk over). You can’t understand why the audio isn’t working for your Zoom presentation. The sound finally clicks into gear. Alexa answers a question from the audience for you. Your child shouts for help with their maths lesson. Meanwhile, the cat struts across the keyboard, curls into a ball on the trackpad, and fires off an email you hadn’t finished drafting yet.
This is the reality of working from home, the new normal for the majority of office workers in 2020. But while the pandemic has created these domestic difficulties in our working day, there are also more concerning security elements at play when it comes to bringing the office home.
Hacker activity has soared since the start of the pandemic, with 80% of firms having seen an increase in cyberattacks, and Fintech News reporting that attacks targeting home workers rose five-fold in the first six weeks of lockdown. Darktrace said that malicious emails involving some form of spoofing have increased to 60% as attackers exploit the separation of the workforce.
Balancing cybersecurity needs with business operations is tough, and criminals know this. Does your business have a remote working policy in place? Do your employees know where to find it, or even what it contains? It’s all too easy for a hacker to exploit a company when its normal security protocols aren’t in place. So how can you keep a business secure when the entire IT estate is scattered on living room sofas and bedroom floors across the globe?
Connect to a VPN
Any access to the corporate network while working from home should always be via a virtual private network (VPN). A VPN is a simple piece of software that can be installed on almost any device for privacy, safety, and unrestricted access to the internet. Crucially, a VPN encrypts data and hides IP addresses by creating a private tunnel through the internet, meaning your business data and sensitive information are safe from prying eyes.
Secure your devices
It’s paramount that any device your employees use to access work materials is up to date with the latest software, operating system, and security patches. If not, they run the risk of being attacked. Always make sure devices are encrypted and have suitable passwords for initial access. Anti-virus software should always be present on a machine, so staff need to make sure this is up to date and running smoothly too.
Stay away from public networks
If the scenario above sounded a little too chaotic for your liking, you may be tempted to head to a coffee shop or shared workspace to finish that report. However, be wary of the risks associated with public spaces. Tell your employees to never connect their work devices to an unsecured wireless network, like the Wi-Fi at Starbucks. It could take mere minutes for an attacker with the know-how to access business data. Luckily, devices can be configured to never automatically connect to such a network. On a more physical level, and just as importantly, ensure your employees know the importance of not leaving work devices unattended, even if they just have their back turned for a second to order another flat white.
Double check the home Wi-Fi
Is the Wi-Fi in your employees’ homes secure? Get your staff to consider changing their router’s default administrative password before accessing company data, to prevent malicious actors from intercepting any corporate assets. They could also think about disabling UPnP and WPS; the former makes it easier for devices like games consoles and smart TVs to access the web, while the latter lets new devices connect to the network with a button push or an easy-to-brute-force PIN code. Unless they really need these features, it’s probably best to disable them. In addition, modern routers often come with features designed to make remote access from outside the home easier. Unless staff desperately need access from somewhere else, tell them it’s safest to turn this setting off too.
Watch out for phishing scams
Personal email addresses might not have the same built-in spam filters as the corporate inbox. It can be tempting to take a quick tea break and check on personal emails, yet one wrong click could lead to a huge security breach. The UK Government’s 2019 Cyber Security Breaches Survey stated that phishing emails are “becoming more believable”, and therefore “harder to detect” than ever before, meaning employees need their wits about them at all times. It could be easy to fall for a scam email suggesting news on the virus or a link to the number of cases in the area. Make sure your employees know to watch out for poor spelling and grammar, senders with a suspicious email address, any calls to download a file or click on a link, and any impression of urgency.
The head of the IT department or security leads might already know these steps like the back of their hand, but does everyone in the company? Threat actors are constantly improving and evolving the way they attack. How would your business cope with a breach that led to a dramatic drop in share price, reputational damage, or even a hair-raising bill from the regulator?
The only way to prepare is to stress-test your teams with real-world cyber threats and crisis response training. While boring, resource-intensive tabletop exercises have previously dissuaded organizations from preparing incident response teams, there’s now a much more engaging, realistic experience to learn from.
Immersive Labs’ Cyber Crisis Simulator is a dynamic, browser-based solution that tests your teams’ responses. Rich storylines challenge your employees to make critical decisions on topics like ransomware outbreaks, data breaches, and phishing attacks. By replicating real-life experiences and packaging post-exercise insights into areas for improvement, the Cyber Crisis Simulator helps to build muscle memory, resilience, and confidence, and minimize the damage incurred when the real thing strikes.
Join us at our webinar on 7th October to see our groundbreaking product for yourself. You’ll play the role of Head of IT, and it’s up to you to prioritize security decisions and navigate a cyber crisis when an organization faces an imminent switch to 100% remote working. Think you’ve got what it takes? Sign up today and we’ll see you there.
24 September 2020