When the COVID-19 pandemic hit in early 2020, life changed for a long time, especially in the way we work. Though working from home is not a new practice, it has become the new normal. The increase in remote work has led to increased cyber threats against businesses of all sizes and industries. Remote work is likely not going anywhere, so companies must learn to prevent and effectively respond to cybersecurity threats that have become even more pervasive in the last year.
In this webinar, Chris Steffen of Enterprise Management Associates and Matt Petrosky of GreatHorn discuss the top threat vectors in an expanding attack landscape and the evolving tactics that cybercriminals are using in everyday communication channels to target users.
1. Home Network Attacks
Remote workers rely on their home networks and public networks. Neither of those is typically as secure as a company’s network. Other people use these networks, whether it’s their kids playing online games or a patron at their favorite coffee shop. Additionally, remote workers often use their personal devices to access work. These factors create easy platforms for cybercriminals to attack.
2. Misconfiguration
When the pandemic began, businesses were scrambling. The immediate goal was to keep employees productive, which led to a massive increase in the use of collaboration technology, cloud services, and remote access tools.
Unfortunately, most companies did not have the IT staff or resources necessary to accommodate these changes. Therefore, the rush to adapt resulted in misconfigurations in security, leaving companies open to cyber-attacks.
3. Phishing Attacks
Phishing attacks remain a threat, and the risk increases as cybercriminals grow smarter. Businesses have done a great job teaching their employees to watch for emails with broken English and illegitimate links. Unfortunately, this has only made criminals improve their tactics. Most phishing emails are now free of blatant spelling errors, and criminals are more effective at creating URLs that appear legitimate when impersonating brands and tricking users.
For instance, a recent phishing email resembles a message from PayPal. If you hover over different sections of the email, such as the privacy policy section, it shows the link to PayPal’s actual privacy policy. The only illegitimate link is the one they tell the reader to click. And because the rest of the links seem legitimate, the reader has no reason to think the main one is not.
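The pattern described above, genuine brand links surrounding one illegitimate call-to-action, can be checked mechanically. The following is an added example, not code from the webinar or from GreatHorn: it flags links whose site differs from the one most links in the message point to. The sample email, domains and function names are constructed, and the last-two-labels domain rule is a simplifying assumption.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: footer links go to the real brand site, the main button does not.
SAMPLE_EMAIL_HTML = """
<p>We noticed unusual activity.
<a href="https://brand.example.account-verify.test/login">Confirm your account</a></p>
<p><a href="https://www.brand.example/privacy">Privacy</a> |
<a href="https://www.brand.example/help">Help</a> |
<a href="https://www.brand.example/legal">Legal</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def site(url):
    """Assumption: last two host labels approximate the registrable domain.
    A production check would use the Public Suffix List instead."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def odd_links_out(html):
    """Return links whose site differs from the site most links point to."""
    parser = LinkCollector()
    parser.feed(html)
    web = [(h, t) for h, t in parser.links if urlsplit(h).scheme in ("http", "https")]
    counts = Counter(site(h) for h, _ in web)
    if len(counts) < 2:
        return []  # every link goes to the same site, nothing stands out
    majority = counts.most_common(1)[0][0]
    return [(h, t) for h, t in web if site(h) != majority]
```

A flagged link is a signal for review rather than proof of phishing, since legitimate mail often mixes a brand domain with tracking or CDN domains.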
Other common email threats include invitations to Zoom calls or to Microsoft Teams that contain fraudulent links. Criminals also send emails to lower-level employees pretending to be executives. Those emails either contain fraudulent links or they authorize fraudulent purchases.
4. Ransomware Attacks
Ransomware attacks have also increased due to working from home. As with phishing scams, ransomware preys on human nature and human error. The attacks typically come through links in emails, in instant messages, and on websites. If the wording is relatable or interesting, the viewer will likely click on it. Though a lack of attention can contribute, cybercriminals are creating near-perfect replicas of legitimate messages and websites. Even those looking for signs of threats may not see them.
5. Compromised Credentials
Some phishing attempts are explicitly created to steal an authorized user’s credentials. This occurs when the reader clicks a link, gets taken to a malicious website, and enters their credentials. Once criminals have the credentials, they can either sell them or keep them for their own nefarious purposes. Either way, the company is compromised.
Tips to Protect Your Company
Cyber-attacks are steadily evolving, so your security measures will have to do the same. However, some tips remain the same.
- Conduct Regular Training
It is vital to carry out regular security awareness training and phishing simulations to keep people on their toes and aware of new threats. Try to keep the training relatable and engaging to help employees remember it.
- Avoid Shame
Falling victim to cyber scams is not uncommon. Nearly everyone has fallen for one at some point, thanks to the intelligence and creativity of hackers. However, employees rarely report issues they notice due to shame. If you can alleviate the embarrassment, there is a much higher chance of them reporting security problems. Additionally, it is crucial to lead by example. Many executives also feel shame when they fall prey to a cyberattack, so they tell no one. Unfortunately, this lack of admittance can leave the door open to criminals. Instead, report any attack to your security team immediately.
- Implement a Layered Security Approach
No single security measure can provide all of the protection you need. Instead, it would be best if you used several approaches. For instance, you might use two-factor authentication and voice analysis for log-ins, and threat detection as well as biometric keystrokes for communication. Teach your remote workers to do the same. Many people believe that a VPN is enough to protect their personal networks. Though VPNs do offer some protection, they are not encryption tools but connectivity tools. Even if your remote workers use a VPN, they need additional security in place.
- Multi-Factor Authentication
Verify access for employees so the right people have the right information at the right time. Multi-factor authentication helps to keep these lines of demarcation clear.
How GreatHorn Can Help Your Business Stay Secure
One of the most effective security measures you can put in place for your company is implementing our Advanced Threat Detection, which analyzes regular email content and communication patterns to pinpoint threats. It also scans for malicious links, suspicious URLs, attachments, and website attacks.
Along with several others, these features can help keep your company protected no matter where your employees work. Contact GreatHorn today to learn more about how they can help you provide a safe online working environment.