Skip to main content
Protect Yourself

Remote and Hybrid Working Security

According to Workplace, in 2019, “60% of remote-capable employees spent their week working fully on-site, whereas that figure has fallen to just 20% in 2023.” Additionally, hybrid work has increased significantly, and is on the way to becoming the most prevalent work arrangement in most offices. The COVID-19 pandemic had a clear impact on the way businesses function. These effects have lasted over to post-pandemic times. Because of this, it is more important than ever that we consider exactly how our climate has changed, the threats that exist, and what we can do to remain secure in this fast-paced world.
Remote and Hybrid Working Security

Threats to at Home Workers

According to a report by Cybersecurity Ventures, “global cybercrime costs…could reach $10.5 trillion per year.” To put this into perspective, “this is more than the profits made by the entire illegal drug trade combined.” Clearly, cybercrime is a huge threat to our companies and families and is only seen to be growing.

Criminal activity on the dark web has also grown exponentially since the pandemic started. Additionally, trends such as malicious actors implementing social engineering techniques have only made their attacks more effective overall. For example, hybrid vishing attacks have been seen more and more. One example of a hybrid vishing attack is when an attacker sends a phishing email that includes a phone number for “technical support.” The target may then call the included number and unknowingly reach a vishing call center manned by malicious threat actors, who then elicit personal or company information. Unfortunately, these are the kinds of attacks we are witnessing day to day.

Strengthen Your Human Firewall

Since the way we work has evolved over the years, companies can no longer rely solely on their on-site internal technology infrastructure to maintain tight security. This is especially true regarding attacks that utilize social engineering techniques. Rather, companies need to stay up to date on the latest attacks and techniques, then disseminate this information through the proper channels to effectively reach all their employees. While employees are a large target for malicious attackers, they are also the first line of defense for companies. This is why it is so important to continually train and strengthen your human firewall.

How to Remain Secure Remotely

Now that we know the importance of remaining secure while working remotely, we need to look at the how. While this topic could be discussed for hours, let’s look at some simple ways you can get started. (For a more in depth look at these tips, please view our blog, here.)

Updates

Many devices have the option for automatic updates, which should be enabled if offered. If automatic updates are not offered, you will need to check for updates regularly.

Antivirus

Implementing antivirus software across devices is another simple way to further secure your connected devices. Such programs can perform automatic scans for you and alert you to any potential weaknesses in your system. Choosing an antivirus software for your needs requires a little research but is well worth the time.

Wi-Fi Network

To start, it is of key importance to change the factory-set password and username. To assist you with secure, unique passwords and remembering your passwords, we recommend using a password manager.

MFA

Enabling multifactor authentication (MFA) is a way to ensure that the only person who has access to your account is you. At its core, MFA is a security enhancement that requires the user to present two pieces of evidence when logging in to an account. It adds an additional layer of security, which makes it harder for attackers to log in as their target.

Social Media

Sharing on social media may not be the first thing you think about when it comes to keeping your company secure. In reality though, social media platforms can be a major source of information for malicious attackers. If you want to post but are unsure if it is oversharing, you can start by mentally running through the following checklist:

  • Am I revealing any Personally Identifiable Information (PII)?
  • Will this post contain department names, reference corporate policies, or identify partners/vendors we work with?
  • Does the post violate any social media policies my company has?
  • Does the image display physical items such as, my badge, computer, or uniform?
  • Are there any clues to passwords or personal codes in the image? (I.E., a sticky note with a password written on it.)
  • Are there location clues in the photo, such as street signs, location markers, or other such hints?
  • Is my social media account publicly available for all to explore?

While this is not a comprehensive list of things to avoid posting, it does give you a starting point of things to look out for.

Unknown Links

Many security breaches, as noted above, can be traced back to phishing emails. Be sure that you know the sender of the received email, the sender’s address, and that any requests in the email make sense before you even think of clicking on a link or calling a phone number in it.

Use a VPN

While working remotely (or possibly even in the office, depending on circumstances), you should always use a virtual private network (VPN) to connect to corporate resources. A VPN creates a private network from a public internet connection. They establish encrypted connections that can keep your data secure. This added layer of security should be a staple in your work security measures.

Steps to Security

Since hybrid work and criminal activity has increased over the years, it is more vital now than ever to be on guard. There are many practical ways we can go about this, such as applying the above tips, and becoming familiar with social engineering techniques. If you have already taken these steps, take one more by testing your employees with professional, certified, ethical social engineers. You can learn more about how to do this and what is involved here: https://www.www.social-engineer.com/managed-services/. We look forward to working with you!
Written by:

Shelby Dacko
Team Coordinator and Human Risk Analyst

Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now