Hackers Exploit ‘Working from Home’ Shift
Sadly, doing a ‘good thing’ by enforcing mandatory work-from-home policies has opened new doors for hackers. As many U.S. companies tell their employees to stay at home to fight the COVID-19 epidemic, home workers are at risk of becoming the weak link in the computer security chain.
Now that thousands in our workforce have shifted to ‘telework’ … the hack-attacks have escalated. Employers and newly remote employees should be prepared for a jump in fraudulent emails about COVID-19. Opening unverified links in random emails from unknown senders has let attackers exploit flaws in popular software such as Adobe Flash and browsers including Google Chrome, Mozilla Firefox, Microsoft Internet Explorer and Edge.
Sad but true: cybercriminals have weaponized some vital software, including the Johns Hopkins Coronavirus Map, which is now filled with malicious software.
Home networks have become a serious challenge and threat. Remote work brings two high-level security challenges:
- When working within a “security team” you lose control of the environment in which the users work ... for instance, have they secured their own home Wi-Fi?
- IT team members MUST gain access to the resources required to do their job. This means that your [new company’s] network perimeter must now include your employees' homes or the coffee shops where they work. Some security programs are ready for this, but some just will not be.
Just be aware that home smart devices, many of which are built without security, are a key point of vulnerability for remote workers. In addition, people working from home are easily distracted, since they are used to working in the office. This likely leads to mixing work with personal email and web browsing … and thereby potentially increases the risk of clicking on malware links.
Ways Employers Make “Working at Home” More Secure for Their Company
- Implement a multifactor authentication requirement for privileged users who have the most sensitive/critical access to Internet-facing services. Multifactor authentication is a security measure that requires a user to provide two or more pieces of ID data (factors) to gain access to a device. With this second security measure, the user provides a password as well as a temporary passcode.
- Ensure that employees understand how to check common modem and router settings to confirm optimum security settings; recommend updating home Wi-Fi passwords.
- Employees must be watchful for an increase in illegitimate emails claiming to be from “senior staff” and requesting bank transfers or gift card purchases.
Understand that self-isolation can cause normally rational people “to let their guard down” and believe scams. The Secret Service warned Americans about “phishing”, a widely used scam in which emails appear to be from a reputable company, such as a major bank or tech company, and try to get victims to hand over sensitive personal information (usernames, passwords and credit card information). Cybercriminals are exploiting the COVID-19 crisis by sending emails appearing to be from legitimate medical and/or health organizations. Some examples of this:
- Victims got a fraudulent email from a fake medical organization with attachments purporting to have important information about COVID-19. When they clicked the attachment, malware automatically infected their system or prompted them to enter their email login credentials to complete the task.
- Hackers and cybercriminals are all taking advantage of the Coronavirus outbreak, especially since it is a public health crisis or catastrophe in which people are desperate to find more information.
- Another scheme uses social media to dupe victims into donating to bogus charitable causes. “Criminals are exploiting the charitable spirit of individuals,” according to the advisory.
- A tragic fraud to watch for is “non-delivery scams”, where fraudsters pose as a “company” selling medical supplies used to prevent or protect against COVID-19 … demanding payment or deposits up front but never delivering the products.
Since working from home may become more widely popular for many companies … even when isolation is not as critical, employers will be required to ensure that their employees have all the tools needed to do their jobs as well as have the necessary tools to keep company communications (voice and electronic) secure from cyber creeps.
Pat Dwight - HQZ Experts 949-454-6149
5-4-20