Remote Working Leads To Increase Cyber Risks: Proper Training Can Mitigate The Risks

Remote Working Leads To Increase Cyber Risks: Proper Training Can Mitigate The Risks

Cindy Ruiz was not expecting to ever work remotely from home at her job in a financial data firm, but that was exactly what happened in early March of 2020 according to a report by NPR. Ruiz was just one of the millions of Americans who suddenly had their entire work life upended by the spread of COVID-19. Thousands of firms across the country suddenly faced the icy realization that they must send their workers home to work if this was a possibility. Some companies were not so lucky and had to shut down operations entirely. Those that did survive had to immediately contemplate the ramifications of sending their entire workforce home to conduct business from a sprawling map of personal abodes.

Cybersecurity immediately became a hot-button issue as firms began to fear data breaches, confidential information leaks, hacking threats, and so much more. A single cyber-attack could be devastating to a company and cause it to lose all the progress that it had made for years prior. There was no way this issue could be overlooked. This is why now more than ever it is essential to understand the risks and vulnerabilities that exist in our remote work landscape.

What’s The Password?

The Internet has been around long enough now that the average American knows that they need a strong password to help keep themselves protected. However, there is sometimes a more lax mentality around the passwords that one uses for work. An employee may choose a less than perfect password because it is easier for them to remember and use every day when they log in. This is the nightmare scenario for a business that seeks to keep its confidential data safe.

Teampassword.com suggests using secure collaborative passwords only known to the team of employees and strictly monitored by the company itself:

If you want to successfully implement work-from-home programs, employees need quick access to data and programs. This is where a good team password manager comes in. Employees can use these tools to share logins and passwords safely without compromising personal and sensitive information. This way, you can encourage collaboration and protect data at the same time.

The purpose of this is to take the password selection process out of the hands of individual employees and keep it only at the management level or higher. It also means that only one password will actually work for logging into certain information sources. That leaves fewer opportunities for cybercriminals to attempt to breach a password and get the information they are not supposed to have.

All employees should be reminded of the importance of creating strong passwords and changing them often. The standard rule for how frequently a password should be changed is once every ninety or fewer days. Changing passwords frequently like this adds an extra layer of security.

Going On A Phishing Expedition

No one can say with a straight face that cybercriminals are not smart. The very opposite is true, they are smart and cunning. They constantly dream up new ways to scam unsuspecting people, and they even work on repackaging old scams to work in more malicious ways. One of the older methods that these individuals use is known as phishing (pronounced like fishing) e-mail.

What are some characteristics of a phishing e-mail? They often break down something like this:

• Appear To Be A Legitimate E-mail – A phishing e-mail is very carefully designed to appear just like a legitimate e-mail that one may receive from their boss, an outside vendor, another department within the company, or any number of other valid sources. The craftiest scammers will manipulate the e-mail that they send to even have all the design touches that a legitimate e-mail may have.
• Asks The Recipient To Click A Link – A tell-tell sign of a phishing e-mail is that it will very likely ask the recipient to click on a link embedded in the e-mail. It will make the link appear important and harmless, but the opposite is true. The link, once clicked, will enable malware and viruses to latch onto the computer and create all kinds of havoc for the user.
• Odd Language – Another critical element to be on the look for when it comes to suspicious e-mails is the language used. One should always try to read their e-mails out loud and see if there is anything unusual about the way that the message is written. Just as all human beings have a certain tone of voice,  we also have a certain style of writing. When that style appears to be off even slightly in an e-mail, it may be time to ask IT security to check into it.

These are not the only things that point to the possibility of a phishing e-mail, but they are major characteristics that make up the majority of phishing e-mails that one may encounter. There are patterns that have been identified with this type of scam in the past, and it is important to recognize those patterns and attempt to weed out malicious messages.

Huge numbers of workers around the world are being slammed with these types of messages right now according to reporting from techrepublic.com. They note the following sobering statistics:

Almost half (48%) of the respondents in the US said they were hit by targeted phishing emails, phone calls, or texts in a personal or professional capacity during the first six months of remote work. That percentage was around the same, but in some cases higher, for the other countries covered in the survey. Further, 9% of those in the US revealed that they were hit by one or more such attack each week, a number that was slightly higher in several of the other countries.

Those numbers should open eyes to the fact that this scam may have been around for a long time, but it is not going away anytime soon. If anything, scammers are seeing more doors open to their attacks with so many people working from home.

Finally, it is important to note that when one receives an e-mail that they suspect may be harmful, they should never forward that e-mail to any other party including their IT security department. Doing so keeps the e-mail in circulation and increases the chances that someone may open the harmful link or links. Inform security of a suspicious e-mail and allow them to do the rest.

A Protective Shield

Have you ever heard of ZScaler, Forcepoint, or Netskope? Most people had not prior to March 2020, but all of these companies are joining more well-known names like McAfee and Cisco as forces in protecting networked systems from malicious attacks.

Viruses and malware have long been a plague on personal and business computers, and many see the work-from-home situation as the equivalent of offering sitting ducks for scammers to pick off. Thus, practically every company that has remote workers has insisted that they install the preferred security provider of that company. These security blankets help ward off known viruses and malware from infecting a computer, and they work to identify new threats as they come along as well.

Many businesses require that employees install these programs before they are allowed to continue working at all, and that is the way that it should be. From the moment a computer or connected device of any sort is activated it becomes a potential target. It is best to use some kind of anti-virus and malware protection right from the start.

All Businesses Are Vulnerable

Small-business owners might have taken some solace in the past knowing that scammers primarily went after big companies with their scams. The mega-corporations were appealing targets because they had vast resources to go after and because some were decentralized in nature. This meant that in their sprawling empires there were many types of people and systems used on a daily basis. The number of potential vulnerabilities was larger and easier to exploit.

Large companies still have to worry about some of these facts, but small-business owners now also have to be concerned for themselves. The largest companies have taken a hit when it comes to cyberattacks in recent years. Just take a look at the attack that put egg on the face of Target Corporation in 2013. It was a massive consumer data breach that made headlines in national newscasts for weeks. However, the company learned from this and has put in much stricter security. There are still plenty of attempts to get at valuable information within Target to be sure, but the constant pressure on this and other companies of their size gives them a lot of practice managing these risks.

Imagine what these same threats look like to a small business that has not experienced this kind of pressure before. They likely don’t have nearly the same level of infrastructure for combating cyberattacks that a large company does. On top of this, the small business now has remote workers who could be inexperienced with dealing with data security threats. It is a toxic combination that all companies need to understand. This is no time to rest peacefully when it comes to the damage that a criminal could do to the security of your company data.

Please contact us for more updates and information about the looming cyber threats that are out there and how they may be best combated in the reality that we find ourselves in today.