Remote working is now the new normal for employees all over the world. While some organisations have requested their employees to get back to work on-site, many are still working from home and have adapted to this new lifestyle.
For businesses, there are still plenty of concerns in having their employees work remotely, with security being chief among them. Are remote employees working from a secure environment at home? Are their networks secured? Are their devices well-protected from cyber risks? And most importantly, are businesses providing them with enough security to work safely?
According to the latest edition of the Malwarebytes quarterly Cybercrime Tactics and Techniques 2020 report, there was a massive spike in the number of threats detected in the first quarter of 2020 alone, especially COVID-19-themed phishing attacks.
Cybercriminals are using the pandemic as an opportunity to wreak havoc on remote workers. They understand that remote workers want to keep updated on COVID-19 alerts and news, just like everyone else and they are taking advantage of this.
For example, cybercriminals have been sending malware-infected emails to remote workers by making them appear to be from reputable organisations, such as UNICEF and John Hopkins University. Such emails often come loaded with known malware like AveMaria, NetWiredRC, LokiBot, AZORult and DanaBot. The report explained how the malware can spread and cause destruction and disruption, not just to specific users but also whole organisations by infecting remote working devices.
Such attacks are focused on stealing information and using remote employees as doorways into more valuable networks.
What Can Businesses Do to Protect Their Remote Workers?
First and foremost, businesses need to make sure to spread valuable security knowledge to protect their employees while they are working from their homes, especially regarding attacks like phishing that leverage social engineering techniques.
While there are many solutions that can protect endpoint devices and network security, none of it will matter if remote working employees themselves are not well versed on the dangers of phishing emails. Therefore, businesses must educate their employees on the potential dangers and risks that come from untrusted sources and links. They need to ensure their employees are vigilant when working from home and can differentiate suspicious emails from genuine ones.
As companies purchase and roll out new software and hardware to enable workers to work remotely, security has to be a priority, necessary measures have to be taken and security policies need to be updated to take into account the work-from-home arrangements.
The use of robust and reliable security software and tools that are able to protect users’ home and remote work systems is also vital. These need to be easy to deploy, update and manage no matter where the employees may be or the type of device that they use.
These are just a few precautionary steps that businesses can take to keep their teams and organisations secure in the long run. However, cybersecurity is a never-ending battle and one that is constantly evolving. The strategies, policies and tools you have used in the past may not be adequate sometime down the line. This is because cybercriminals will continue to find new, innovative ways to trick employees, taking advantage of current events or occasions to maximise their chances of success. As such, attackers will continue to develop and fine-tune their tactics and techniques to target workers (remote or otherwise) long into the future.
Malwarebytes will be organising an important webinar on the 6th of October 2020 to help businesses better understand these rising threats and the steps they can take to protect both their employees and organisations. Click here to register for the webinar.