According to Workplace, in 2019, “60% of remote-capable employees spent their week working fully on-site, whereas that figure has fallen to just 20% in 2023.” Additionally, hybrid work has increased significantly and is on the way to becoming the most prevalent work arrangement in most offices. The COVID-19 pandemic had a clear impact on the way businesses function, and these effects have carried over into post-pandemic times. Because of this, it is more important than ever that we consider exactly how our climate has changed, the threats that exist, and what we can do to remain secure in this fast-paced world.
Threats to At-Home Workers
According to a report by Cybersecurity Ventures, “global cybercrime costs…could reach $10.5 trillion per year.” To put this into perspective, “this is more than the profits made by the entire illegal drug trade combined.” Clearly, cybercrime is a huge threat to our companies and families, and it continues to grow.
Criminal activity on the dark web has also grown exponentially since the pandemic started. Additionally, trends such as malicious actors implementing social engineering techniques have only made their attacks more effective overall. For example, hybrid vishing attacks have been seen more and more. One example of a hybrid vishing attack is when an attacker sends a phishing email that includes a phone number for “technical support.” The target may then call the included number and unknowingly reach a vishing call center manned by malicious threat actors, who then elicit personal or company information. Unfortunately, these are the kinds of attacks we are witnessing day to day.
Strengthen Your Human Firewall
Since the way we work has evolved over the years, companies can no longer rely solely on their on-site internal technology infrastructure to maintain tight security. This is especially true regarding attacks that utilize social engineering techniques. Rather, companies need to stay up to date on the latest attacks and techniques, then disseminate this information through the proper channels to effectively reach all their employees. While employees are a large target for malicious attackers, they are also the first line of defense for companies. This is why it is so important to continually train and strengthen your human firewall.
How to Remain Secure Remotely
Now that we know the importance of remaining secure while working remotely, we need to look at the how. While this topic could be discussed for hours, let’s look at some simple ways you can get started. (For a more in-depth look at these tips, please view our blog.)
Updates
Many devices have the option for automatic updates, which should be enabled if offered. If automatic updates are not offered, you will need to check for updates regularly.
Antivirus
Implementing antivirus software across devices is another simple way to further secure your connected devices. Such programs can perform automatic scans for you and alert you to any potential weaknesses in your system. Choosing an antivirus software for your needs requires a little research but is well worth the time.
Wi-Fi Network
To start, it is of key importance to change the factory-set password and username for your Wi-Fi network. To help you create secure, unique passwords and remember them, we recommend using a password manager.
MFA
Enabling multifactor authentication (MFA) is a way to ensure that the only person who has access to your account is you. At its core, MFA is a security enhancement that requires the user to present two pieces of evidence when logging in to an account. It adds an additional layer of security, which makes it harder for attackers to log in as their target.
Social Media
Sharing on social media may not be the first thing you think about when it comes to keeping your company secure. In reality, though, social media platforms can be a major source of information for malicious attackers. If you want to post but are unsure whether it is oversharing, you can start by mentally running through the following checklist:
- Am I revealing any Personally Identifiable Information (PII)?
- Will this post contain department names, reference corporate policies, or identify partners/vendors we work with?
- Does the post violate any social media policies my company has?
- Does the image display physical items such as my badge, computer, or uniform?
- Are there any clues to passwords or personal codes in the image (e.g., a sticky note with a password written on it)?
- Are there location clues in the photo, such as street signs, location markers, or other such hints?
- Is my social media account publicly available for all to explore?
While this is not a comprehensive list of things to avoid posting, it does give you a starting point of things to look out for.
Unknown Links
Many security breaches, as noted above, can be traced back to phishing emails. Be sure that you know the sender of the received email, the sender’s address, and that any requests in the email make sense before you even think of clicking on a link or calling a phone number in it.
Use a VPN
While working remotely (or possibly even in the office, depending on circumstances), you should always use a virtual private network (VPN) to connect to corporate resources. A VPN creates a private network from a public internet connection. It establishes encrypted connections that can keep your data secure. This added layer of security should be a staple in your work security measures.
Steps to Security
Since hybrid work and criminal activity have increased over the years, it is more vital now than ever to be on guard. There are many practical ways we can go about this, such as applying the above tips and becoming familiar with social engineering techniques. If you have already taken these steps, take one more by testing your employees with professional, certified, ethical social engineers. You can learn more about how to do this and what is involved here: https://www.social-engineer.com/managed-services/. We look forward to working with you!
Written by:
Shelby Dacko
Team Coordinator and Human Risk Analyst