The Growing Cyber Risks of a Work From Home Workforce
is a technophile, writer, blogger and journalist with 14 years of experience in news media.
Even the world’s top technology companies are not immune. Microsoft warned Windows 10 users of “limited targeted attacks” that could infiltrate their operating systems using malware –– and worse, there’s no patch to fix it. “Attackers are taking advantage of the current shift to remote work by promoting malware masquerading as VPN installers,” explains Vicarius co-founder Michael Assraf.
The Types of Attacks
Some are referring to it as a ‘phishing epidemic,’ with more fake COVID-19-themed applications, advertisements and emails appearing each day.
A lot of damage has already been done. According to experts since the beginning of January, the period where initial outbreaks were reported, there have been over 16,000 new coronavirus-related domain registrations.
Ginp opens a web-page called Coronavirus Finder and cons people into giving their credit card information in exchange for information about COVID-19 victims in their area. “Oh, what a relief for some people would it be to know whom to avoid!”
“The technical challenges of working at home are enormous, and now I’m worried about hackers, too,” lamented one remote employee. “If it wasn’t for that, working from home would be way less stressful.”
Reducing Exposure to Cyber Attacks
The Internet can be a hostile environment. The threat of attack is ever-present as new vulnerabilities are released and commodity tools are produced to exploit them. Doing nothing is no longer an option. Protect your organization and your reputation by establishing some basic cyber defenses to ensure that your name is not added to the growing list of victims.
“Attackers are taking advantage of the current shift to remote work by promoting malware masquerading as VPN installers,” say experts in Cybereason in a statement to the media.
There are effective and affordable ways that organizations can reduce their exposure to cyber-attacks like using firewalls and internet gateways. Companies can establish network perimeter defenses, particularly web proxy, web filtering, content checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet. Because of the scattered nature of the WFH workforce, and the fact that the organization no longer has a perimeter – some of those techniques are not effective anymore.
Software threat tracking and patching: Most of the COVID attacks exploited existing software vulnerabilities. Having the ability to find and mitigate software threats on your WFH workforce is mandatory.
Malware Protection: It is important to establish and maintain malware defenses to respond appropriately to an attack code that is known.
Password Policy: Make sure that an appropriate password policy is in place and it is followed. You will also need to include limits on normal users’ execution permissions and enforce the principle of least privilege.
If you feel that your organization could be attacked by technically advanced hackers, additional controls like security monitoring – to identify any unexpected or suspicious activity user training education and awareness. Also, it is a good idea to reach out to cybersecurity experts to help your organization deal with the threats.
To deal with the escalation, some cybersecurity firms like Vicarius are offering their free assistance. “The solutions to solve such problems are there in the market. You just have to find a company that can help you solve the problem for you,” says Michael Assraf, the co-founder of Vicarius.