With COVID-19 continuing to run its course across the United States, it is likely that remote work is here to stay. According to an Upwork workforce report, it is projected that over 36 million Americans will still be working remotely by 2025. This rapid increase in remote work has resulted in additional cyber threats for many organizations. Cybercriminals are capitalizing on remote workers by taking advantage of insecure personal devices and decentralized home Wi-Fi networks to gain access into businesses.
These devices and networks are not hardened to the same extent as the ones present at corporate locations. Additionally, misconfigured cloud security measures have put many organizations at risk of costly data breaches, which are often harder to detect when employees are working remotely. Due to these threats, there has been an increase in demand for services that can successfully identify, mitigate, and eliminate the risks that are associated with remote work.
What do these threats and issues look like?
Since the pandemic started, remote workers have been the number one target of phishing attacks that involve email accounts, text messaging, voice communication, and third-party applications such as Zoom. At the height of the pandemic, data security firm Barracuda Networks reported a 667 percent increase in phishing attempts across numerous platforms. Google also reported that at one point they were blocking over 100 million phishing emails per day.
Furthermore, an estimated 56 percent of Senior IT Technicians believe that employees at their company have adopted unsafe Cyber Security practices at home. This may include accessing company data from a personal email, exchanging files that are not encrypted, or using unsecure devices. This sharp increase in phishing attempts, along with more and more employees adopting unsafe cyber practice while working remotely has caused an upsurge in vulnerability.
There has also been an increase in credential stealing attacks, where cyber criminals create fake forms or login pages to steal credentials. They use the stolen credentials to access company data, encrypt the company’s data, and then demand a ransom in order to get the data back (often in the form of cryptocurrency, which is more difficult to trace). If the attackers feel that the victim has substantial backups of their data, they may threaten the release of data in order to pressure the victim into paying the ransom.
How can these attacks be prevented?
The first and easiest way to help prevent these cyber-attacks would be to use application based Multi-Factor Authentication (MFA). Application based Multi-Factor Authentication is using an app on one device to verify logins that occur on another device. For example, if I was logging into my email account on my computer, I would use an application on my phone to verify that login. Unlike SMS or voice Multi-Factor Authentication, application based Multi-Factor Authentication is encrypted, therefore making it a lot more secure and safe to use at home.
A second way to avoid cyber-attacks while working remotely is using what’s called Desktop as a Service, or “DaaS.” Essentially, Desktop as a Service turns your personal device into a work desktop so that one can access everything that may be on a company network. This is done by leasing virtual desktops via a cloud service. Desktop as a Service is very effective because if an employee’s personal device is compromised, no company data is lost because all data is stored on the virtual desktop, not the physical device. Popular Desktop as a Service platforms include Microsoft Virtual Desktop, Citrix, and VMware Horizon.
Lastly, organizations may want to implement a remote work security policy that includes routinely tested backups, requirements for all devices to stay updated, and a clear line of contact to a company Security Department. Most of these security issues come from a lack of training. Many employees still lack a solid foundation of technical skills and contextual understanding necessary to identify data security threats.
Educating remote workers on how and what to do to secure their network to limit “man in the middle attacks” is the latest obstacle that IT directors face. If you are facing any cybersecurity related challenges, please contact TestPros today. We offer a variety of services that will meet your cybersecurity needs.