Over the last few weeks, we have been posting pro tips for those working from home during the COVID-19 outbreak. Today we take a look at what industry experts are saying as a new wave of cyberattacks prey on those working outside secure office environments.
“There are nation-states that are actively taking advantage of the situation, particularly our Cold War adversaries, and we need to be keenly aware that they are aware of the lack of security that is presented by everyone telecommuting” Tom Kellermann. Kellerman served on a presidential cybersecurity commission during the Obama administration. The Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security’s cyber agency, underlined Kellermann’s concerns by issuing an alert on Friday pointing to specific cyber vulnerabilities around working from home versus the office.
CISA zeroed in on potential cyberattacks on virtual private networks (VPNs), which enable remote access to files. These networks may make it easier to work from home, but according to CISA, they also open up an attractive way for hackers to get in. “As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors,” CISA wrote. “Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.”
A common practice is phishing emails that target teleworkers to steal passwords and usernames. It is important to flag all suspicious emails and never share personal information through email.
CISA urged that organizations keep their operating systems updated and patched and be transparent with employees about the dangers of malicious emails, particularly those that use coronavirus fears to tempt individuals to click on them and download computer viruses.
The threat posed by malicious emails sent to those working from home was backed up by research published this week by cyber group Check Point, which found that cybercriminals were using concerns around coronavirus to push spam out. According to Check Point, since January, more than 4,000 coronavirus-themed web domains have popped up, with the company estimating that around 5 percent were suspicious and 3 percent malicious. The websites would likely be used as part of email campaigns to lure victims into clicking on dangerous links.
Another significant vulnerability is hackers accessing sensitive data through Wi-Fi networks. Individuals working from home should only connect to a secure, private network for their work to further isolate data.
One way to fight back against these attacks is by ensuring the employees are aware of the threats they are facing and educating the workforce. Provide security awareness training for remote employees and make them aware of possible dangers. A trained team is a safe team.