By Goh Chee Hoh, Managing Director, Trend Micro Malaysia
A recent survey conducted by Polycom Inc found that 73 percent of company in Asia offer flexible work arrangements for their employees. Flexibility, such as that offered through remote working or working-from-home, has been a growing trend in Asia. This comes as more technological-enabled environments offering added convenience for employees to work anywhere continue to rise.
However, when businesses enable their workforce to complete mission-critical tasks from places and networks other than their main office, there are certain factors that need to be considered when it comes to data security. It's critical that chief information security officers and IT admins do not disregard the risks employees' at-home activities can pose to their business security posture, in an age when data breaches are increasing.
Unsecured home routers
As Trend Micro pointed out in its recent report on the Most Noteworthy Home Network Security Threats of 2017, the router serves as a hub for all connected devices, including the smartphones, laptops and other endpoints employees leverage both at home and work for work purposes.
In this instance, if robust security isn't in place at this critical juncture, employees leveraging their home network for work activity could be opening themselves up to considerable risk. Worst of all, a device infected at home could potentially impact the entire enterprise network once the staff member brings the endpoint back to the office for work.
Some issues to be aware of here are:
Incorrectly configured networks: This can extend to a range of different factors, but the bottom line is that an incorrectly configured network can provide an easy open door for malicious actors.
Default or weak passwords: If employees don't adjust the security credentials of their routers and keep the default password in place – or use a password that is considerably easy to guess – it presents a low hanging fruit for hackers. It's imperative that default credentials are replaced with strong passwords once the home network equipment is deployed.
Firmware updates: Not updating devices with the latest patches can also create easily exploitable vulnerabilities that result in significant security gaps and other problems.
As Trend Micro research shows, hackers aren't just seeking out unsecured routers to infect home networks. Routers and other devices are also being leveraged for cryptocurrency mining. In fact, this threat was the most detected network event seen in 2017.
Cryptocurrency-mining malware, for instance, are capable of infecting devices to illicitly mine for crypto currency. Such malware can spread the same way other malware types spread, through spam emails and malicious URLs, and take advantage of the computing power of multiple devices to increase yield from mining.
Like nearly any other security risk, a threat like this could potentially spread from home devices to corporate assets. When CPU and computing power is tied up by cryptocurrency mining activity, businesses aren't able to achieve the level of performance their users require.
Brute force attacks via Remote Desktop Protocol
Malicious actors are increasingly leveraging Remote Desktop Protocol (RDP) capabilities to spur brute force logins of home devices. Once a hacker has broken into a home device in this manner, he or she is able to execute malware that could spread to enterprise networks the next time the device is used at the office.
RDP enables a user to interact with a system as if they are a local user, providing access to the operating system and applications. In this way, a hacker could remotely access login capabilities, and use brute force to breach and glean details about users and who has control of what devices.
The risk lies in the network, when a hacker is able to gain access to the RDP without the user admin knowing. The home network is where all the connected devices and stored data lie.
Overall, it's important to ensure that employees take the appropriate security precautions when taking part in work activity from their home networks. To find out more, check out Trend Micro's report and connect with our team of security experts today.