Remote workers are more prone to infection

No, I’m not talking Coronavirus. This is about another real threat to your business, livelihood, your customers and your reputation. Following on from my last article, it's clear that SME's and especially remote workers are serious targets.

Malware, Ransomware, online scams and cyber-criminals have all used the COVID19 crisis and taken advantage of our current situation to ramp up their activity and impact. But even when the crisis is over, Cybersecurity should be on your list of things to keep abreast of.

Some interesting (and worrying) stats:

• SME’s are exposed to over 4000+ ransomware attacks every day
• More than 3 out of 5 firms, 61%, reported a security breach in the last year
• Home/Remote workers are 3.5x more likely to get scammed/infected than office workers
• An affected business will now take over 14 days to recover their systems/data
• The cost to business will reach over ￡16 Billion ($20 Billion US) by 2021
• Attacks on small businesses now up 59%
• Threats that have been detected include fake COVID19 temperature measuring apps and Accenture recently reported over 16,000 “Covid19/Coronavirus” related domain names with up to 50% of these linked to fake, fraudulent or infected websites.

So what can we extrapolate from some of these stats and their accompanying reports? It’s clear that small businesses are now definitely a significant target for cyber-criminals. A large proportion of attacks in the past were aimed at larger corporations with deep pockets – after all, over 74% of attacks have a financial motivation.

So why have smaller businesses now become a target? There are a few reasons:

1. You are an easier target. Larger enterprises have, generally, spent time beefing up their security and spending more to protect themselves. It’s their insurance policy.
2. Spreading the risk. It’s better to obtain ￡1000 from 20 businesses after you’ve hacked 100 companies than try and get ￡20,000 from one enterprise that then refuses to pay. Hackers are no longer loners operating from their bedrooms, they are criminal gangs, state-sponsored actors or even “proper businesses” operating from hacker-friendly countries. Some even have HR departments!
3. You’re in the supply chain. No matter what your business, if you’re B2B chances are you are in the supply chain to a larger business. Even if your immediate customer is another SME, their customer may be an enterprise, charity or public-sector organisation that the criminals really would like to target. By compromising your systems, then your customers, the criminals will gather data and intelligence or open doors to allow them even more revenue, all while risking your business and reputation.

So what can you do to try and keep safe? I’ve tailored the list below specifically for SME’s like yours:

Have a plan

Start by looking at all the risks and areas of your business. Knowledge is power and you can work out what systems are vital to your business, where your critical and sensitive data is stored and how you would handle a breach. Only then can you think about the resources to set aside to protect yourself.

Understand the Risks

Initial risks include remote workers and contractors, lack of password policy, not using multi-factor authentical (MFA/2FA), not encrypting data, using or not using VPN’s (see below), not patching, updating or replacing old systems and not using every tool available to you. There are a lot more areas of risk, but these are the most common.

This article started discussing the risks of home/remote workers and I’ll now outline some of the additional risks they pose:

• Poor WiFi security
• Insecure/unpatched routers that lack decent firewalls, often with a default password that's not been changed
• Cheap, low-security home devices like CCTV cameras, voice assistants, heating and lighting etc that are now all internet-connected, again often with default passwords set.
• Shared network with family members

How you can fix or mitigate

You should encourage and educate your home workers to these threats and there are some excellent resources available to assist you. But you should also assume that they will take NO ACTION and it’s up to you to put barriers in place in the business should their network become compromised.

Training and education are now considered critical. Protection technologies only help part of the time and emerging threats may well outsmart any solution you have in place. Teaching your workers to recognise threats, to pause before clicking and report suspicious items will greatly reduce your risk, leaving the tech to mop up the remaining threats.

Mandate multi-factor (2FA/MFA) authentication on every digital system your workers use that requires a login. This means if their password becomes compromised (leaks out or is stolen), a hacker cannot use that information on its own to get to your systems.

Use security settings that are the strictest possible, without generally interfering with someones ability to do their job. It’s much easier to peel away restrictions on a need-to basis than start from a very permissive perspective and add layers. Examples of restrictions include blocking access to certain website categories, only connecting to trusted systems and only running trusted (whitelisted) applications.

Earlier I referred to “using or not using VPN’s” as a risk, which appears to be a contradictory statement. A VPN, Virtual Private Network creates a secure tunnel across the internet for data. VPN’s are generally seen as a good way to protect business systems for remote access purposes as they require a login and then encrypt all the data flowing back and forth. But that’s the problem. If an employee’s device is compromised, a VPN could easily allow that threat to enter your network.

Speak to your IT provider so they can configure the VPN’s to only allow certain types of communication to certain systems and not the network as a whole.

Use a DNS filtering service. What is DNS? Every time you type www.domainname.com into your web browser or click on a link in an email, your computer talks to a Domain Name Server (DNS) to look up the address of the service you require. Think of it like an index in a book. You know the name of the service, but not it’s location. That, in a nutshell, is what DNS does and it’s a risk because its subject to attacks and the entries in the index your computer receives can be false, tampered with or simply point to somewhere bad.

A DNS filtering service will protect you by sanity-checking the index lookup with a trusted source of genuine entries and a blacklist of dodgy locations. By having your employees use DNS filtering, you can help protect or mitigate against an array of problems, like mistyped web addresses, hacker remote takeovers and dodgy links in emails.

Ensure your employees use end-point-protection. No, I’m not referring to advice a sexual health clinic might give them. I’m talking about software that we used to call “Anti-virus”, but it’s a lot more than that these days, which explains the change of name.

End point protection software deals with multiple threats in different ways:

• A strong firewall that doesn’t just block threats coming in, it monitors traffic in and out looking for issues
• A web filter. It monitors traffic coming into your web browser for threats.
• An anti-virus/anti-ransomware/anti-malware scanner. This is responsible for examining files and even the memory contents of your computer for both known threats and also threatening behaviour
• Device control. Scan’s devices you plug into your computer (like USB sticks and flash drives) for threats.
• Always go for a commercial solution, not a free one. Free just doesn’t cut the mustard. The only exception is a commercial EPP that’s free because it’s sponsored – e.g. downloaded from your bank.

And finally (at least for this list), you need to backup your data and systems. It should be stated here that I am talking about a proper backup solution (it doesn’t necessarily need to cost a lot), but I am not talking about Dropbox, Google Drive or Onedrive on their own. Those are business productivity tools, not backup solutions.

If ransomware infects your computer, it will merrily encrypt not only the local copies of your files but the synced copies in these remote storage locations as well. Proper backup doesn’t expose you to that vulnerability, because you have yesterdays backup or last weeks to recover from.

If you are confused about where to start, there are a lot of resources available, but as a business, you need someone to take responsibility for cybersecurity and implement it. Ad-hoc is no longer good enough.

Consider talking to an expert about your cybersecurity, they can help you from policy through to implementation, also speak to your IT support service provider can help you bring all the pieces together. Don’t wait for a cyber-crime attack to ask your IT support provider “but I thought you protected us from that” and as a business owner or board director it’s your responsibility.

If you would like to connect with me or send me a message, I would be happy to discuss anything in this article or offer guidance, please just reach out. I’m Darrin Salt and the Managing Director of The Technologies Group, an award-winning tech support business based in London UK. With over 32 years of experience, I love supporting businesses and helping them grow through the smart use of technology. You can email me directly, [email protected] or call us on free on 08081968130

Article sources:

• The National Cyber Security Centre: https://www.ncsc.gov.uk
• Hiscox Insurance 2019 Cyber-Readiness report: https://www.hiscox.co.uk/sites/uk/files/documents/2019-04/Hiscox_Cyber_Readiness_Report_2019.PDF
• Cybercrime Magazine: https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021/
• Coveware Q3 Ransomware Marketplace report: https://www.coveware.com/blog/q3-ransomware-marketplace-report
• Accenture https://www.accenture.com/us-en/blogs/cyber-defense/communication-is-the-answer-to-cyberthreats-in-a-crisis