Many of us are working remotely from home during the COVID-19 pandemic to follow safe social distancing practices, but this creates new opportunities for hackers. How? Because you are highly likely to be using an unsafe and unsecured home office network. If this comes as a surprise and right now you're thinking, "Oh, is my home office network not secure?", the answer almost certainly is: No, it's not secure. This also diminishes your company's cybersecurity as it works to protect its confidential information and intellectual property.
How has the shift to remote access and work from home affected cybersecurity?
Many companies lacked work from home culture
At the beginning of the COVID-19 pandemic, companies were hit with a surprise: they would have to shift their staff to working from home. To do that, they needed to set up remote access and a VPN (virtual private network). Some companies already had people working from home, so they just needed to figure out how to increase bandwidth. Other companies, though, did not have the policies and procedures in place because they did not have a work from home culture, so they had to set up everything from scratch.
And lacked cybersecurity procedures for it
Moreover, they were not prepared as far as cybersecurity is concerned; adequate information security practices were not in place. For now, they just want to get their employees back to being productive, and the way to do it is to stay safe and work from home. That is not easy for companies that do not already have a work from home culture.
Consequently, they have a big hurdle to overcome. They also need to think about how to protect their confidential information and intellectual property. And now they need to implement the policies and procedures to make sure that their staff understand expectations of what they should and should not be doing to protect the company’s information.
In addition, as employees work more from home, they also need to be concerned about their personal information; they need to ensure that they protect themselves too, as identity theft is a big problem these days. There are more hackers now trying to get personal information such as online banking or investment details, or trying to compromise employee computers in other ways.
What are some cybersecurity deficiencies in home office networks?
- No established channel segregation in the Wi-Fi routers between the work and the personal use.
- Wi-Fi routers that have out-of-date firmware and lack security patches.
- Home computers and IoT devices infected with freeware, malware and spyware.
- Systems are not patched (updated) with their operating system updates. This applies to both Windows devices and Apple devices, including iPhones, iPads and laptops.
- Home Wi-Fi networks aren't secured (password protected).
- Windows computers often are not up to date in terms of their operating system patches.
- Privacy settings for webcam and microphone are left at insecure default settings.
- No routing data backup.
- Old, outdated Wi-Fi routers for which the manufacturer no longer releases firmware updates.
- Parents sharing their work computers with children in the home.
Are Apple devices immune to spyware and malware?
No. That's no longer the case. You could get away with that about 20 years ago, but now both Windows and Apple devices are vulnerable, as both have been introduced into corporate environments.
How common are these situations?
About 9 out of 10 times, people fail to secure their personal devices, so it's a big problem.
How do these situations create opportunities for hackers:
To hack company information?
- Unsecure devices are the easiest point of attack.
- Devices lacking recent security patches are especially vulnerable.
- Phishing scams involving COVID-19 and the Federal Government Financial Relief Program (PPP, EIDL) are popular exploits.
- Virus and malware infections are injected through phishing emails and malicious freeware/spyware downloads.
- Ransomware encrypts a victim's hard drive to extort cryptocurrency payments in exchange for the decryption key.
- Hacking of webcam and microphone to steal confidential information.
- Weak passwords are easily broken.
To commit personal identity theft?
- Weak passwords and lack of two-factor authentication (2FA) lead to compromise of other online accounts, including banking, investment and social media.
- If a C-level executive’s social media account is hacked and hijacked, a hacker can make misleading statements to adversely manipulate company stock value.
- Compromise of online gaming accounts allows for fraudulent online purchases.
- Theft of cryptocurrency wallets.
How do hackers select a target?
- Most often they indiscriminately scan the internet in search of the easiest targets.
- They also selectively target high-profile public people through internet and social media searches.
- They utilize vulnerability scanning tools widely available on the internet or purchased through the dark web.
- Hackers are available for hire on the dark web.
Do security software platforms like AI-enhanced threat detection and endpoint security solutions adequately compensate for deficiencies in home networks and devices?
No. Data security is about people, processes and technology, and is a shared responsibility between the company and its employees.
General cybersecurity Recommendations
- Implement an “Acceptable Use” policy for company devices used on-premises and in home offices.
- Conduct periodic security assessments to ensure policies are working effectively.
- Perform Vulnerability Assessments and Penetration Tests to determine if software solutions are effectively blocking attacks.
- Conduct Social Engineering Testing to determine employee readiness to avoid Phishing attacks.
- Provide ongoing employee training about the latest phishing and security threats.
Cybersecurity recommendations to Secure Your Home Office Network and Avoid Identity Theft
In conclusion, we offer the following tips to help you avoid identity theft and secure your home office network:
- Update Wi-Fi router firmware or replace the router with a new model.
- Install antivirus software on all Windows and Apple devices and keep it up to date.
- Update operating systems on all Windows and Apple devices, including mobile devices.
- Don’t click on email links when you don’t know the sender.
- Confirm the legitimacy of a sender you know by hovering the mouse over the email address.
- Don’t share company laptops with family members. Separate business use from personal use.
- Lock the screen when stepping away from your desk.
- Notify your corporate/outsourced IT manager/provider when a virus or malware strikes.
- Segregate the home Wi-Fi network into distinct business production and home/guest use segments.
- Consider upgrading to a more secure business-grade firewall.
- Check with your Internet Service Provider (ISP) for FREE antivirus software.