This article is not intended as a high-level cybersecurity discussion about the vulnerabilities in a corporate IT network arising from remote workers. Rather, it is about what regular people can do to strengthen their cybersecurity and mitigate the risk of cyberattack.
One of the most common myths about cybercrime goes something like this: “I am a nobody”, or “We are just a small business, no one would ever want to hack me/us!”
If you have ever thought this, you are both right and wrong. Firstly, outside of highly targeted attacks on governments, critical infrastructure and large corporations, very few cyberattacks are carried out by people. So, you are right. Most likely, no individual wants to try and hack you. However, the stereotypical image of a person wearing a black hoody, tapping away in a basement, is more a Hollywood throw-back to the early days of hacking than modern reality. Today, most cyberattacks result from automated bots scouring the internet looking for vulnerabilities that can be exploited, or automated mass email campaigns hoping to get a lucky hit. Cybercrime’s automated nature means that everyone is a target.
To help illustrate this point, let us quickly review some statistics around cybercrime.
According to global cybersecurity experts ID Agent:
- A cyberattack is attempted every 39 seconds
- 700 million people in 21 countries experienced some form of cybercrime
- The damage related to cybercrime is projected to hit $6 trillion annually by the end of 2021
- Ransomware attacks rose 148% in March 2020
- Cloud-based attacks increased by 630% between January and April 2020
- Two in five SMBs have been the victim of a ransomware attack
- More than 80% of reported cyberattacks are phishing
- Phishing attempts have increased by more than 660% since March 1, 2020
- Organised crime gangs account for 55% of attacks
You would be hard-pressed to find anyone in the cybersecurity field who would disagree that cybercrime is on the rise, and never more so than in the last twelve months. The global coronavirus pandemic forced untold numbers of organisations and staff worldwide to shift to a work-from-home model to flatten the curve and limit the spread of the virus. And while some people were ready for this type of arrangement, most weren’t.
The mass exodus of so many workers from highly secure and regulated corporate networks into home office environments, which lack the supervision, monitoring, security and controls of a typical corporate network, has made for ripe hunting for cybercriminals.
If we look at what makes cybercrime possible at its most basic level, it is the fact that most of us are not IT experts.
Many of us do things without realising the importance and significance of what we are doing. For example, we open things without recognising specific warning signs or the impact that our actions might have. This is the case because we simply haven’t been told or had experiences that would lead us to act differently. To that end, we will discuss a few necessary steps that will significantly reduce your risk of falling prey to a cyberattack.
Poor Home Wi-Fi Security
For many of us, our homes have become our offices, if not full-time then at least a few days a week. And it looks like that may continue to be the case for some time to come. Therefore, the first step toward increased cyber safety should be hardening your cyber defences at home.
Just like we have a lock on our front doors, we need a good lock on our home modem router. Whether you received your modem router from your internet service provider or you bought it, these devices come preconfigured with a username and password that allows you to access the device to set things like passwords and user privileges.
Failing to change the default username and password on your modem isn’t going to bring the country to a grinding halt, but security is like an onion: the more layers you have, the better it is. Every extra layer a potential attacker has to overcome is one more chance that the attacker will simply give up and move on to their next victim.
Poor Password Security
Yes, this is basic house-keeping information and we should, by now, all know about the value of good password security. I am not going to labour this point because it is like telling people to have their neighbours collect their mail while away on holiday.
The only thing worse than having a weak password is using the same password for everything. If you want a quick fix, use a password manager. They not only generate strong passwords for you but also store them, so you only need to remember your master password.
Install and Maintain Antivirus and Malware Protection
Again, this is simple house-keeping, but it is truly amazing how many people still don’t do it. It only takes one piece of malware or one computer virus to ruin your day and possibly even your year (or business). As we heard earlier, ransomware attacks rose 148% in March 2020, and the fastest way to become the victim of a ransomware attack is not using security software or not keeping it up to date. Get antivirus software and turn on auto-update; at the very least, that will amount to one less thing you have to worry about.
Here is where we start to get serious. One of the most significant cyber threats to remote workers can be found in phishing attacks.
According to Proofpoint’s 2020 State of the Phish Report, 75% of organisations worldwide experienced some kind of phishing attack in 2020. Another 35% experienced spear phishing, and 65% faced BEC attacks.
Phishing is a form of social engineering which relies on tricking a person into divulging sensitive information. There are three types of phishing attacks:
- Phishing
- Spear phishing and
- Business Email Compromise or BEC attacks
On their face, phishing and spear-phishing attacks may seem similar; however, there are some significant differences. Phishing emails, for example, are sent in bulk and easily deployed by those with nefarious intent. Such attacks are generally designed to elicit credit card data or login credentials and are typically a one-time attack.
In contrast, spear-phishing attacks are typically targeted at a specific individual. Because a spear-phishing attack often impersonates someone known to the target, it is more difficult to detect.
Furthermore, thanks to the abundance of available data about most people online, researching a target isn’t particularly hard.
Most experts would agree that spear phishing is most likely the number one security threat facing businesses today.
The importance of backing up cannot be overstated. Aside from protecting important work against loss, this is also a crucial strategy for defending against a cyberattack. If you have a properly protected daily backup, you may have only lost a day’s productivity in the worst case. However, once again, you need to ensure your backups are subject to the same regular, rigorous virus and malware protection as your computer.
How many of you would be able to name five signs or symptoms that might indicate your computer is compromised?
Here are 6 sure signs you’ve been hacked, and what to do in the event of a compromise.
- You get a ransomware message
- You get a fake antivirus message
- You have unwanted browser toolbars
- Your internet searches are redirected
- You see frequent, random popups
- Your friends receive social media invitations from you that you didn’t send
Should any one of these occur, your first action should be to stop what you are doing immediately and shut down your computer, call your company’s IT manager and report your suspicions. If you don’t have an IT manager, you need to seek a suitably qualified IT professional. This is where that back-up we mentioned earlier will become invaluable.
Coming Back To Work
As we return to offices and schools, we need to be mindful that devices have been taken out of the office environment, where there were strict control and security measures. You need to exercise extreme caution when reintroducing any device, or any files created outside your office, back into your trusted network.
Think of it like this: you have spent your entire life living in a secluded village where there is no illness, and then you take a month-long holiday to Amsterdam during COVID to experience all that life has to offer. What might happen when you return to your village if you don’t exercise extreme caution?
Getting back to work requires a balance. You can’t necessarily stop work until IT has vetted every machine coming back in. And then what if you are working from home part-time? Will IT be required to vet every machine every time it comes back into the office?
One strategy could be to employ technology that enables staff to share ideas and collaborate without needing devices to log into the office network.
There is no shortage of screencasting devices that enable one to share information between a computer and a display wirelessly. Apple TV, AirPlay, Chromecast and so on are just a few examples. However, all of these are one-way solutions. Users can display information, but only the person controlling the device can make changes. The best solutions enable groups to collaborate, which is why I like the BenQ InstaShow used in conjunction with the BenQ DuoBoard.
The InstaShow is a hardware-based solution. It does not require the installation of drivers or other software, which means it works, every time. It also means you don’t need to log in to the office network or have guests log into the network. It features WPA2 Authentication Protocol & AES 128-bit encryption in addition to being CVSS compliant while allowing multiple people to all cast to the board at the same time.
The DuoBoard also has onboard anti-virus and malware protection thanks to the use of McAfee software, and incorporates the EZWrite software, which is proprietary to BenQ, so you can annotate and mark up presentations in real-time.
Even aside from the security concerns, I find this particular combination creates a great work-flow that is simple, easy and requires no setup or special knowledge.
There is little doubt that remote work presents some unique challenges, but with some common sense, a little training, vigilance and some good tech, the risks are easily managed.
For more information on the BenQ InstaShow or DuoBoard visit BenQ