Opinion: the mass move towards remote working during the Covid-19 crisis has increased cybersecurity threats and risks
Companies and businesses will have built policies and procedures over many years which protect individual and organisational infrastructure. But unless a significant percentage of employees had previous access to proper remote access technologies, there is a real risk of employees making bad choices when working from home.
One instance is an increase in ransomware attacks, which are a serious problem in enterprises at the moment. Ransomware is simply horrendous. Once a device is infected, it typically encrypts all potentially important documents on the computer and any attached network drives and starts a counter that once it reaches zero removes the files. The only solution to most of these is to pay the scammers. It is the deadliest scam at this moment and will increase due in part to the rise of cryptocurrencies which allows the scammers to remain anonymous.
Recently, we have also seen a dramatic rise in Ransomware Denial of Service attacks using crytocurrencies as the payment method. Here, the hackers threaten to bring a site to its knees unless the ransom is paid. Again, this is a new avenue and a growing treat from home users and businesses right up to large scale systems as the hackers can now demand payment just to leave them in peace.
From RTÉ Radio 1's News At One, Misha Glenny on the 2017 ransomware cyber attacks
The increased risk due to remote working is that employees may be using non-standard email or messaging systems which fail to properly filter out the emails which carry the threat. Employees could also be tempted to use public WiFi without using a virtual private network (VPN) and this can leave them exposed to what is known as man in the middle attacks which often pose as fake WiFi hotspots.
The coronavirus pandemic has seen a dramatic rise in people using video conferencing technologies such as Skype, Facetime, WhatsApp, Houseparty and Zoom. The latter in particular has gained a new audience, with 62 million downloads during a single week in March, and it become one of the top apps on Android and Apple. It has also led to a new wave of harassment which is known as Zoombombing. This is where people login to active zoom video conferences and share pornographic images or simply shout racist comments. The Jewish community in particular has been targeted.
There are some protections that one can do on Zoom to prevent this such as not sharing the meeting ID in public forums. You should also not share a personal meeting ID with someone else as third parties will always be able to check if there is a meeting in progress and potentially join it if a password is not configured. It is best practice to create waiting rooms for attendees to prevent users from entering the meeting without first being admitted by the host. Of course, the host should be present before meeting starts and if everyone has joined the meeting then simply lock the meeting so that nobody else can join. You should also prevent participants other than the Host from sharing their screen and you can password protect meetings.
From RTÉ Radio 1's The Business, Louise Campbell of Robert Walters Recruitment discusses Zoom etiquette
Virtual Private Networks
Virtual Private Networks (VPNs) are an obvious way to secure data between remote workers and core systems. In an ideal world, organisations would have a zero-trust network system deployed. This can be difficult to implement in response to coronavirus however, as it should ideally be rolled out in a phased manner which entails pilot projects and tweaks in a safe environment before deployment. If an organisation has not yet embraced the concepts of privileged access and least privilege, or still uses shared accounts for access, zero trust is probably not going to work.
Removing administrative rights, managing accounts and passwords, eliminating shared accounts, incorporating session recording, enforcing network communications are the primary features of Privileged Access Management. Extending that to zero trust only succeeds when implemented correctly and the rest of the organisation embraces zero trust for automation. Businesses should ensure that employees have up-to-date security protection on any devices such as virus checkers, firewalls and device encryption.
Another basic protection for organisations to mitigate risks when employees work from home is to deploy mobile device management. Even Windows 10 now enables devices to connect to a cloud-based Azure Active Directory (AD) which bolsters the existing support in Windows for the traditional version of Active Directory. Users can log in to Windows with Azure AD accounts, and they can mix both AD and Azure AD together. Windows 10's mobile device management options allows multiple users who share a single device to have full control over the Windows Store, VPN, device-wipe capabilities, and configuration of Enterprise Data Protection policies.
You should also change default passwords on devices, close out old accounts and do not open links or attachments in suspicious emails
Whether working remotely at home or in the office, many of the risks remain the same. Best practice remains to keep software updated, use different passwords on all sites and register with haveibeenpwned.com to see if your personal details have been released in previous website hacks (and register your email to receive future notifications). You should enable two-step authentication when offered so a hacker cannot login without access to your mobile phone and this ultimately makes it much harder for an attacker to hijack your account;. You should also change default passwords on devices, close out old accounts and do not open links or attachments in suspicious emails.
The views expressed here are those of the author and do not represent or reflect the views of RTÉ