Remote working continues to be an issue for most businesses. Simply because businesses have concern on the security issues their employees would have to face while working from home. At the same time, when governments announced lockdowns due to COVID-19, many businesses were not prepared to have all their employees working remotely. This resulted in some employees having to use their own devices to work from home since some businesses could not afford to get everyone a corporate device in time.
In light of this, CSA spoke to Greg Higham, Chief Information Officer at Malwarebytes on some of the concerns businesses have and how they can deal with them.
According to Greg, one of the biggest security policy concerns is the high potential of cyberattacks over unsecured home networks. Due to the increasing number of home workers, many are operating and transmitting sensitive information without a virtual private network (VPN), which can help protect privacy and reduce threats.
Moreover, he explained that threat actors have been callously targeting our pandemic fears – online threats have risen by as much as six times their usual levels over the past four weeks. Remote working makes it much harder to track and detect threats at an early stage, and this is a growing concern for many businesses.
“In our 2020 State of Malware Report we found that global businesses were a growing target – threats rose 13% in 2019 to about 9.6 million detections. This is likely to rise as businesses increasingly adopt a remote working structure due to the COVID-19 pandemic, though it will be harder to track over home networks, making security even more challenging. It’s a new remote reality that will likely have a lasting impact on the way we work moving forward, well beyond when quarantines are lifted.”
Phishing is still a big concern
Now, when it comes to remote working employees, Greg pointed out that phishing attacks continue to top the list. Phishing attacks are where victims are lured into clicking on a link or file attachment that contains malicious files, or aims to make the victim disclose personal information through a web link. It’s one of the simplest and most effective ways to hit a wide array of targets. It is estimated that an average of 1.4 million of these websites are created every month.
Another security pitfall lies in the telecommunication tools frequently used by remote employees. Associated cybersecurity risks have increased as a result – most notably the security exploits involving Zoom. Known as “Zoombombing,” this form of attack has seen a rise in popularity in recent months. Unauthorised users hack into a Zoom conference to capture screenshots of confidential screen shares and record video and audio from the meeting or shock attendees with inappropriate images. These culprits may sell the data they harvest on the dark web or use the information gleaned from Zoom meetings to orchestrate a convincing phishing attack in the future.
In fact, CSA have covered a number of “Zoombombing” cases reported recently, mostly involving employees working remotely. Web conferencing companies continue to add in new security protocols and patches to ensure they can avoid any incidences. The thing is, in an expansive work-from-home environment, businesses must consider that the device itself is the new perimeter.
As Greg puts it, “gone are the days of on-premise and office-based security. The term “perimeter” may even be outdated as we look at the shift to both personal devices and networks, embrace work travel, and reassess our security posture. The solution may seem simple, but it’s fundamentally crucial for individuals to install the latest security patches/updates on every device they own. Procrastinating on updates can open up entry points for threat actors that could devastate a business. This is especially important as VPN exploits are a hot target for cybercriminals.”
At the same time, individual employees are also advised to mute their microphones, cover their webcams when they are done teleconferencing, and lock their computer screen whenever they step away from their computer. These are among the measures recommended by SingCert (Singapore Computer Emergency Response Team) to stay cyber-safe while working remotely.
Securing remote workers is the new reality
Greg feels that cybercriminals will continue to exploit an increasing number of attack vectors as more employees and businesses continue adopting remote working on a long-term basis. Opportunities for cyber criminals such as phishing and malware attacks will help them steal critical business assets such as customer data and intellectual property.
“If we look at the remote working situation in Singapore caused by COVID-19 as a case study, we see that threat actors have been intensifying their malicious cyber activities by capitalising on Coronavirus fears to steal personal information and reap financial rewards. Remote working makes it easier for cybercriminals to target workers over less secure networks since many individuals may not be tech-savvy or aware of how to best protect themselves over home networks. Without real-time guidance and support from fellow colleagues and our IT teams, these employees are particularly susceptible to cyberattacks.”
This is why it’s even more essential than ever to conduct thorough and widespread security training across your entire organisation, with regular updates and instructions, calling out specific risks over home networks and detailing the best ways to guard against them. It’s also critical to empower your employees with the right security tools and resources to defend themselves, no matter where they are or what network they are using.
The COVID-19 outbreak has created opportunities for many businesses to focus on the importance of remote security (RemoteSec). The priority should be for businesses to get RemoteSec executed properly across their dispersed workforces. In the future, “working from home” may become a long-term trend as businesses continue to see the benefits, i.e. increased productivity, better work-life balance, reduction in commercial real estate investments, etc.
Even in the most typical office environments, there will always be employees travelling and working at home who need to be protected. Businesses should look to eliminate patch backlogs, operationalise and automate security for remote workers, as well as optimise remote device recovery processes in order to adopt the best possible remote security posture.
“Securing employees means you are securing the company – otherwise you’re looking at just securing infrastructure in a void. Human error remains the number one cause of breaches, so you cannot secure a business without investing heavily in securing and training employees. In order to reduce the threat of employees being irresponsible or uninformed, businesses need to lay out comprehensive security policies to cover all possible sources of attack, including the latest threats. Additionally, businesses should document and regularly practice their remediation plans, exploring the most critical and likely attack scenarios.”
Greg added that the most effective way to increase security is to continuously educate employees on cyberthreats and how to combat them. At the end of the day, cybersecurity is everyone’s responsibility, and every company’s infrastructure is only as secure as its weakest link.
It is paramount for businesses to train their employees to recognise and respond to cyberattacks. This means giving employees specific rules for e-mail, social networks, etc. and providing them with clear channels and protocols to alert their administrators to any suspicious e-mails or unusual activity.