Working from home has been great for two groups throughout the Covid-19 pandemic:
- Employees that work in WFH-friendly industries
- Cyber-criminals who are looking to capitalize on the weaknesses of a distributed workforce
Although employees have been celebrating freedom and flexibility, implementing new security policies has been a headache for information security professionals.
The big question is: will cybersecurity issues cause problems for the remote workforce? Or will network security simply need to catch up with the demands of the Work From Home movement?
What Are The Cybersecurity Risks Of Working From Home?
If you used any device over the course of the pandemic, you probably noticed a spike in what we call social engineering attacks — phishing, SMS attacks, cold calling from scammers. Security analysts saw an increase in 2020 and that has continued throughout 2021 so far.
Computer security is difficult for most people. Remote work brought this problem to the foreground — poor security practices and inadequate defenses in cloud-based computing make a business that encourages remote work into a hunting ground for a threat actor.
Most common security issues for remote workers
Phishing attacks were the most common attacks that remote workers faced over the course of the Covid-19 pandemic. Attackers use techniques such as SMS phishing (or smishing) and malware obfuscated in pictures or links attached to emails, so employees risk serious data leaks with one erroneous phone call or a misclick.
DDoS (Distributed Denial of Service) attacks come in second, most notably in the Bandwidth takedown on the 25th of September. Business operations are shut down as server technology and endpoint devices are overloaded with connections. Although most companies have effective DDoS mitigation techniques (or they should!), home offices struggle to fend off these cyberattacks.
Despite 73% of IT managers now saying that anti-virus and anti-malware software is a necessity for home workers, malware was the third most common threat over 2020 and 2021. It is suspected that supply chain attacks on AV/AM giants like SolarWinds played a part in these infections, as well as a lack of proper security training.
Remote Work And Poor Cybersecurity
Not everyone is a cybersec whiz. In fact, quite a lot of people are ignorant of the dangers that lurk on the internet.
Communicating these challenges and helping the remote workforce understand cybersecurity is the hardest part for security professionals — 80% of IT teams are now saying that cybersecurity has become a thankless task.
Poor Personal Cybersecurity Hygiene
Remote workers' security hygiene is poor because they have unrestricted access to the internet, including the malware and scammers that are lurking about.
Even when a company has excellent security policies and follows industry best practices, employees try to skirt around the defenses. In fact, 31% of office workers have said that they have attempted to circumvent business security.
Why do people try to access harmful parts of the internet? They don’t think security is a priority and view IT teams as a hindrance. 39% of workers aren’t confident in company security measures and 48% see existing security controls as hindering factors in their workday.
Securing Personal Devices: An Almost Impossible Task
When you have every device linked to a LAN, organizations can effectively enforce security. Networks are protected by stopping wayward behavior, defending the company and its data.
For distributed workforces, cyber-risk management becomes a very different ballgame. You can’t expect every employee to understand the protocols for secure cloud access and handling sensitive data.
That’s why using company devices in a personal home office is not exactly secure — you don’t have the expansive arsenal that onsite workers do. But business needs require secure devices, hence why 91% of IT teams updated their security policies over the course of the pandemic.
Social Engineering Risks
Remote workers face the biggest risk of social engineering attacks. Common types of social engineering attacks include phishing, watering hole attacks, and malware that convinces the user to engage in risky practices on secure devices.
We are all at risk of being tricked by scammers, but companies are leaving some employees to the wolves by failing to provide adequate cybersecurity training.
Ideally, IT teams should provide a report that contains an example of each of the most common cyber attacks the company expects to face. Could you recognize a phishing email? If not, someone should teach you.
Best Practices For Your Home Office
For freelancers, cybersecurity becomes a bigger concern. The protection of your business lies on your shoulders, so you need to think of effective solutions that don’t expose your critical assets or customers.
Getting The Right Defenses
Not everyone needs enterprise-level anti-virus or anti-malware software on their computer, but knowing which tools are necessary for your home security is essential.
If you use Windows, Windows Defender is actually one of the best tools for you on the market. Regularly updated, it provides effective defenses against many of the most common malware and exploit types.
Be Prepared to Defend your own Network
As a freelancer, you are responsible for stopping malicious access to your network and devices. Although major companies have the best standard of cybersecurity, you have to rely on your wits and the best tools available to mitigate the risks.
Identify key points in your network that you need to defend (endpoints, routers, emails, sensitive data) and enlist the proper controls to create a hardened network. Many cybersecurity tools are available on GitHub and help you defend everything from a single mobile device upwards.
Learn Best Practices
In a world where only 36% of office workers receive cybersecurity training, best practices are hard to come by. That’s why you need to remember some simple mantras to avoid cyber threats.
- Don’t open links from suspicious sources. If you have received a request for personal or sensitive data, log into the website via your web browser. Following links from e-mails or SMSs is an easy way to open yourself up to risk.
- Regularly update your software and OS. Updating your computer might be annoying, but it is necessary to close compromising security issues. Keeping all software up-to-date gives you the best chance of closing vulnerabilities and stopping cybercriminals.
- Steer clear of risky content on company devices. Avoiding risky sites and deleting spam emails (or at the very least only opening them in HTML mode to avoid a drive-by malware attack) is the best way to avoid harmful infections from embarrassing sources.
- Secure your network. Only use WPA2 on your home network. There is no excuse now to use WEP or WPA: even the most unsophisticated of hackers can break into non-WPA2 networks with only a smartphone. Don’t expose yourself!
- Back up! How often do we hear it? Now how often do we do it? Backing up is the best way to avoid losing data in ransomware attacks or hardware failures. Buy an external hard drive and cloud storage.
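To check the "Secure your network" item above, the following added example (not part of the original article) flags networks that are open or still accept WEP or legacy WPA. It assumes the terse output format of `nmcli -t -f SSID,SECURITY device wifi list`, uses a constructed sample scan, and goes slightly beyond the article by also accepting WPA3.

```python
import re

# Constructed sample, in the assumed terse nmcli format "SSID:SECURITY",
# where a ':' inside an SSID is escaped as '\:'.
SAMPLE_SCAN = r"""HomeOffice:WPA2
Printer\:Setup:WEP
OldRouter:WPA1
Mixed-Mode:WPA1 WPA2
CoffeeShop:
NewMesh:WPA2 WPA3
"""

WEAK = {"WEP", "WPA", "WPA1"}   # protocols the article says to avoid
STRONG = {"WPA2", "WPA3"}       # WPA3 accepted here as an extension of the advice


def classify(security):
    """Return 'open', 'weak', 'ok' or 'unknown' for one SECURITY field."""
    protocols = set(security.split()) - {"--"}   # '--' marks an empty field
    if not protocols:
        return "open"
    if protocols & WEAK:
        # Mixed mode (e.g. "WPA1 WPA2") still accepts the legacy protocol.
        return "weak"
    if protocols & STRONG:
        return "ok"
    return "unknown"


def audit(scan_text):
    """Map each SSID in the scan output to its verdict."""
    results = {}
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        parts = re.split(r"(?<!\\):", line)        # split on unescaped ':'
        ssid = ":".join(parts[:-1]).replace("\\:", ":")
        results[ssid] = classify(parts[-1])
    return results


if __name__ == "__main__":
    for ssid, verdict in audit(SAMPLE_SCAN).items():
        print(f"{verdict:8} {ssid}")
```

Any home network reported as `open` or `weak` should be reconfigured on the router to WPA2 only.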
Doing Security Right
For remote workers and freelancers alike, online safety is a new world of unknown risks and dangers. Although some of us can rely on dedicated IT teams to defend our home networks, freelance workers need to rely on their wits and best practices.
Patching vulnerabilities, securing your network, and avoiding phishing attacks is the best way to defend yourself remotely, but using open-source tools and encrypting your data are excellent “next steps” for the security-conscious freelancer.
Originally published at Upstack.co on Dec 22, 2021, by Austin Miller.