In the spring of 2020, as millions of employees were working from home due to executive orders, there was another threat lurking besides COVID-19—cybercrime.
It was discovered that a Russian hacking group, aptly named Evil Corp, was actively targeting newly remote employees. These criminals were using ransomware to get inside workers’ networks, cripple their operations, and demand millions of dollars to restore access to their data.
As the popularity of video conferencing platforms soared, cybercriminals were using the technology to launch attacks. Some hackers would join a meeting uninvited to listen in on confidential conversations, while others would send fake meeting invites in an attempt to insert malware and steal data.
These are just a few examples. The FBI reports that the number of complaints about cyberattacks is up to as many as 4,000 a day. That represents a 400% increase from what they were seeing pre-pandemic.
The key target? Remote workers.
Biggest Threats Facing Remote Workers and How to Avoid Them
Insecure Home Networks
Companies go to great lengths to maintain the security of their IT network—performing audits and utilizing networking monitoring tools and anti-virus software. The problem is many employees use their personal technology when working from home. With consumer-grade firewalls and antivirus software that’s not up to date, home computers pale in comparison when it comes to security.
Remote workers should be restricted to the use of company devices. Workers should also avoid accessing free wifi available at public places like cafes and restaurants. Hackers target these environments, putting your organization at risk.
More Sophisticated Hackers
Cybercriminals continue to evolve their tools, techniques, and procedures. With the number of people working from home, they now have a broader audience in which to target.
To thwart these attacks, ensure that your employees’ hardware and software is up to date with the manufacturers’ current releases. Companies should utilize two-factor authentication to ensure remote access is granted to the proper individuals to reduce the risk of outsiders gaining access to their network.
Your biggest threat is from your employees falling prey to an attack. According to a recent survey of employees, 79% believe they can distinguish a phishing message from a real one. However, nearly half (49%) admit to clicking links from unknown senders at work.
The key to protecting your organization is to education. According to Jess Cary, Founder and Partner at Balance Point, “Best practices begin with making sure employees understand what confidential information is—what PII (Personally Identifiable Information) is, and then identifying what the major threats are to your organization.”
Get outside help. Jess advises bringing in a third party that specializes in security awareness training to deploy formal cybersecurity education to your workforce. These firms offer a combination of online training, visual reminders, and simulated phishing attacks to test your workforce.
Where Do You Go from Here
As the pandemic wears on and businesses continue to support remote work, companies need to take cybersecurity seriously. Having a formal information security policy, a document that sets your internal standard for security, is essential.
Jess recommends “dusting off your security policy to include work from home procedures that employees need to follow to protect your organization. The business landscape has changed, businesses need to evolve to survive.”