According to a recent BBC article, a survey from the UK- and US-based security firm Tessian found that 56% of IT departments believe their employees have picked up bad cyber-security habits while working from home. Worryingly, the survey found that many employees (39%) agreed with that assessment.
COVID themed phishing scams
According to the BBC, experts warn of significant growth in the number of coronavirus-themed phishing emails targeting employees, with several companies around the world reporting them. During the height of the pandemic in 2020, network security firm Barracuda Networks said it had seen a 667% increase in malicious phishing emails. Google also reported, at the time, that it was blocking over 100 million phishing emails daily. Furthermore, in November 2020, a Sydney-based hedge fund collapsed after a senior executive clicked on a fraudulent Zoom invitation. The company – Levitas Capital – reportedly lost $8.7m to the cyber attack and was forced to cease trading.
What can be done? Educating employees on how to identify and avoid phishing scams can greatly reduce the risk cyber attacks pose to company data security. Continuous training, through phishing tests and online courses, maintains that knowledge and builds a strong workplace culture of cyber-security. Take a quick test here: https://phishingquiz.withgoogle.com/
Insecure home Wi-Fi
Without delving into the technicalities, we recommend that you do not use a home router running WEP encryption, as this is insecure and according to our service manager, “with the correct tools the network would be accessible within 30 seconds”. Most modern routers should have WPA encryption; this is much more advanced and difficult to crack.
What can be done? We recommend updating home Wi-Fi routers if they are running WEP encryption. Furthermore, as a general rule, change the default Wi-Fi password.
Unencrypted file sharing
While it makes sense for companies to encrypt data stored on their network, they may not consider encryption when transferring it from one location to another. This leaves information that is often sensitive vulnerable to interception by a hacker, which can have devastating effects such as financial fraud, identity fraud and loss of reputation.
What can be done?
Sensitive information should be encrypted when sent via phone or email. Outlook is a widely used email platform, and provides features that convert plain text emails into scrambled text so that only the recipient with the key can decrypt the message. At IT Positive we offer rock-solid email encryption software that can be added to your Outlook.
Hackers know that human error is easier to exploit than sophisticated security software such as VPNs, firewalls and other cybersecurity software that companies often use to safeguard their remote networks. This is why hackers initially attempt to hack account passwords to access company data. Methods hackers use to crack passwords and access poorly protected accounts include compiling lists of commonly used passwords and writing code to attempt to crack a password by means of brute force.
What can be done?
As a general rule, including personal information in passwords should be forbidden, as well as writing down the password, whether it’s on a sticky note or in a mobile notes app. If you find the need to write down passwords to remember them, it would be worth considering a secure password manager.
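The two password rules above can be enforced when a password is set. The following is an added example, not part of the original article: the function names, the short common-password list and the personal details are constructed for illustration, and a real deployment would load a much larger list.

```python
import re

# Constructed sample list; in practice load a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "iloveyou"}

# Character substitutions people use to disguise a common word ("P@ssw0rd").
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def strip_affixes(text):
    """Drop leading/trailing digits and symbols: 'welcome2020' -> 'welcome'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)


def personal_tokens(details):
    """Split personal details (name, birthday, pet) into lower-case tokens.

    Tokens shorter than 3 characters are ignored to limit false matches.
    """
    tokens = set()
    for value in details:
        for part in re.split(r"[\W_]+", value.lower()):
            if len(part) >= 3:
                tokens.add(part)
    return tokens


def check_password(candidate, details):
    """Return the reasons to reject a candidate; an empty list means it passed."""
    lowered = candidate.lower()
    undisguised = lowered.translate(LEET)
    # Compare the password as typed, with substitutions undone, and with
    # padding such as a trailing year or '!' removed before undoing them.
    variants = {lowered, undisguised, strip_affixes(lowered).translate(LEET)}
    reasons = []
    if variants & COMMON_PASSWORDS:
        reasons.append("common password")
    if any(t in lowered or t in undisguised for t in personal_tokens(details)):
        reasons.append("personal information")
    return reasons


if __name__ == "__main__":
    # Constructed employee details, for illustration only.
    details = ["Sarah Collins", "1987-04-12", "Biscuit"]
    for pw in ["P@ssw0rd!", "S4rah!Summer", "correct horse battery staple"]:
        print(pw, "->", check_password(pw, details) or "ok")
```

A check like this only sees the password at the moment it is chosen, so it belongs in the sign-up or password-change form.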
Here at IT Positive, we can assess your company's remote-working cyber-security risks and answer any questions or queries you have. So if you would like to chat through your options, please contact us on 01376 653 115.