Technology   //   May 19, 2021

Remote-working leaves businesses increasingly vulnerable to cyber attacks, say experts

Enabling your employees to work remotely could create a cyber security risk and potentially damage your business, according to security experts.

Before the pandemic most people worked in offices where the IT team oversaw a traditional hub-and-spoke model. This meant emails, video meetings, instant messaging and document management were directed through a central security point.

Yet in a home-working world, employees, devices and the cybersecurity team are dangerously separated — and this has increased the threat from cyber criminals. 

“During the pandemic we’ve seen a big jump in both email phishing attacks and mobile phone scams (known as ‘smishing’),” said Tom McVey, solutions architect at Menlo Security. “These messages, such as an email about the COVID-19 vaccine or text messages about failed courier deliveries from Amazon, seem genuine to the untrained eye. Look more closely and you see they contain malicious links that lead to scammers’ websites.”

There has certainly been a rise in credential phishing where cyber criminals create fake login pages or forms to steal credentials. As well as commonly used cloud services like Office365 and Adobe, the criminals are utilizing cryptocurrency wallets which are increasingly popular. 

According to the 2020 Verizon Data Breach Investigations Report which analysed 32,000 security incidents, 67% were caused by credential theft, phishing and business email compromises.

One problem is that employers and workers can rely too heavily on the IT department to plug any security gaps. Yet the most likely overwhelmed IT guys are busy keeping the business running as everyone has moved to remote working and can struggle to keep on top of every cyber threat.  

It could be time to bring in expert help.

“The pandemic has handed businesses an opportunity to question their legacy cybersecurity practices and processes. If your systems were previously created around protecting users in an office, it’s time to rethink,” said McVey. 

He recommends that companies move to a cloud-based web isolation solution and spend more time analyzing web browsers for vulnerabilities. Businesses should also ensure their online security policy is up-to-date and that staff follow it, he said.

One of the biggest threats to companies from employees working at home can come from outdated routers provided by broadband providers. These old routers let hackers spy on users when they are online and can direct them to scammers’ websites.

Consumer body Which? investigated 13 commonly used, old router models in the U.K. and found that nine would fail new legal requirements due to come into force.

“Given our increased reliance on our internet connections during the pandemic, it is worrying that so many people are still using out-of-date routers that could be exploited by criminals,” said Which? computing editor Kate Bevan.  “Internet service providers should be much clearer about how many customers use outdated routers and encourage people to upgrade devices that do pose security risks.”

She believed that ISPs should also be clearer about when routers stop receiving firmware and security updates.

Another weak point in any home worker’s security can be the choice of passwords that are easy to guess. The cyber experts recommend two-factor authentication methods. This means having fingerprint or facial recognition as well as a password. 

However, these do not always protect against phishing attacks.

At New Jersey-headquartered cyber resilience and threat mitigation firm Semperis, director of services Sean Deuby agreed that the biggest dangers come from insecure endpoints. These include employees’ own devices and home networks. 

“The pandemic has pushed many organizations that were considering cloud service adoption but were hesitant, off the fence into at least partial use of these services,” said Deuby. “But many use VPNs to access the cloud services, thinking it’s more secure than direct access. This is often not the case and threat actors are targeting components (such as VPNs) that may have been implemented insecurely.”

He urged employers and employees to act quickly to plug potential security threats to ensure their businesses continues to operate safely and avoids any hack that may affect their clients.

Deuby cited the hack on U.S. information technology firm SolarWinds a few months ago which went undetected for many weeks and spread to its clients. U.S. officials believe the hack originated from Russia.

COVID-19 related attacks will continue in 2021 with healthcare and pharmaceutical sectors continuing to be targeted,” he said. “We have seen supply chain attacks, while ransomware continues unabated because it works so well. In 2021, data extortion (exfiltrating data and threatening to expose if a company does not pay a ransom) is becoming the norm.”

Deuby added that most organizations focus on prevention and detection, but equal attention needs to be paid to recovery.

“In particular, the recovery of systems after a cyber disaster that can encrypt and destroy hundreds or thousands of systems in minutes. Can your recovery processes come back quickly from such an event?”