No longer fully protected by corporate firewalls and LAN-based security tools, staff are making use of personal devices, home networks, and public internet connections.
This trend has not gone unnoticed by cyber criminals. Many are using this new environment to mount innovative attacks designed to harvest personal and corporate details and gain entry into centralised applications and data stores.
There are a number of steps that home-based workers can take to improve their IT security and reduce the likelihood of falling victim to such attacks. These steps include:
1. Be watchful for email phishing attacks
People are understandably curious about the COVID-19 virus and the implications it has for their health and lifestyles. Cybercriminals are taking advantage of this curiosity and creating targeted phishing campaigns.
A phishing email may arrive with a link to a seemingly trustworthy site containing news updates on the virus and the work being done to create a vaccine. However, the link actually points to a site containing malware that can compromise the user’s device and steal personal details.
Other phishing emails may come with an attachment. Once opened by the recipient, they can also infect the device and could result in the installation of crippling ransomware.
The best way to avoid falling victim to a phishing attack is to carefully examine every received email before it’s opened. Check whether it contains misspelled words or poor grammar, or has come from an unknown sender.
Unless absolutely sure of their source, don’t open attachments. Some recent examples purporting to be information on the virus have actually contained banking trojan malware. Once activated, this malware searches for personal and banking details stored on the user’s device. As a second step, it connects the device to a botnet that is then used to mount attacks on other users.
2. Be wary of text and social media attacks
Email is not the only channel being used for COVID-related phishing attacks. There are increasing reports of attacks coming via SMS messages and social media channels. Some may appear to come from a legitimate source or known contact, but have actually been generated by a cybercriminal.
Be constantly on the watch for messages that don’t seem quite right, or those that have been sent at a strange time of day. When in doubt, don’t interact with the message but contact the sender using a different method to check it was actually sent by them.
Recent reports have included examples of social media posts offering a month’s free subscription to a streaming service. Clicking on them allows the criminal to harvest the user’s social media login details that can then be used to gain access to other sites.
3. Keep patches up to date
Home-based workers may often be using their own desktop or laptop computer to connect to corporate resources. For this reason, it’s vital that the latest software patches and security updates have been installed.
Make it a habit to check regularly for updates, both for your operating system and any applications that have been installed. This will ensure that any vulnerabilities that could be exploited by cybercriminals are closed as quickly as possible.
4. Secure your connections
Many workers will have swapped their corporate network for home Wi-Fi. While this is convenient, it means network security may no longer be sufficient. Unsecured Wi-Fi networks offer a potential opening for cybercriminals, so ensure adequate passwords are in place. Also, consider turning off the broadcasting of your SSID to make it more difficult for other parties to locate your network in the first place.
Just as personal hygiene has become vitally important in a COVID-19 world, so too has cyber hygiene. When working from home, remain aware at all times of potential threats and the steps that can be taken to overcome them. Remote working is likely to be a feature of daily life for many months ahead, so adopting a strong security frame of mind is vital.