The ongoing COVID-19 situation shifted our society to rely on remote working almost overnight. Unfortunately, where most people see chaos, hackers see opportunity. Therefore, the world is facing unbelievably high and still growing numbers of cyberattacks.
- Bad Security Practices Make Remote Working Riskier
- Remote Working In A Climate Of Uncertainty – An Invitation For Cyberattacks To Hit
- Returning To The Office Might Pose Some Security-Related Challenges
- Equip Your Employees With The Knowledge And Best Security Practices For Both Remote Work And Returning To The Office
While most people just want the pandemic to end and life to go back to what it was, hackers have never been more active. They know exactly when and where to strike for maximum financial benefits. And with remote working now being the new normal, it’s never been easier to launch successful attacks by preying on the weakest link: your employees.
While remote working makes life easier overall, there are a few downsides to consider.
Keep reading to uncover three major reasons why remote work exposes your company to a greater risk of becoming a target for cyberattacks.
Bad Security Practices Make Remote Working Riskier
The UK and US-based security firm, Tessian, recently conducted a survey that concluded that 56% of experienced IT technicians think their employees have picked up bad habits regarding cybersecurity while working from home. What’s even more concerning is that many employees agreed with that assessment.
Close to 39% admitted that their security practices at home became more relaxed than they should have compared to those practiced in the physical office. Half of this percent indicated that this is a result of feeling less observed by their IT departments.
“One of the main mistakes we’ve seen is moving company data to personal e-mail accounts,” says Henry Trevelyan-Thomas, Tessian’s vice-president of Customer Success.
“When you do that, it’s likely you don’t have any sort of two-factor authentication. This then makes it easier for attackers to exploit that data. If data is leaked, attackers compromise it, and it can end up in the wrong hands,” he added.
Remote Working In A Climate Of Uncertainty – An Invitation For Cyberattacks To Hit
Security specialists also indicated a substantial increase in the number of COVID-19 themed phishing emails. Taking advantage of remote working and the uncertainty created by the pandemic, the malicious emails targeted employees and were reported by many companies worldwide.
While that pandemic reached its peak last year, network security firm Barracuda Networks reported a massive 667% increase in phishing emails. Google also announced at the time that it was blocking more than 100 million phishing emails every day.
“Social engineering and phishing work best when there’s a climate of uncertainty,” said Casey Ellis, founder of security platform, BugCrowd. “As an attacker in that scenario, I’ve got a base of fear to work off of.”
Ellis went on to add that phishers may attempt to lure victims in with the promise of appointments for those who are unvaccinated against the coronavirus.
“You’ve got an entire population wanting the pandemic to end. They’re more likely to click on that,” he says. “I think that companies should proactively consider that it’s a really good time to invest in training to work through these kinds of scenarios.”
It’s worthwhile mentioning that the consequences of a phishing attack can be catastrophic for any company. While it’s true that large multinationals may be able to recover faster from substantial financial damages, a phishing attack can be devastating for small businesses.
Victims are paying more in the aftermath of an attack. For example, in May this year, the US insurance company CNA paid a jaw-dropping $40 million ransom – the largest ransomware payment ever reported. The attack took place on March 21st, and it blocked any access to the company’s network and stole its data.
The world’s largest meat processing company, JBS, paid a ransom worth $11 million after being forced to shut down operations at 13 of its meat processing plants.
Last year, in November, a Sydney-based hedge fund collapsed after a senior executive clicked on a malicious Zoom invitation URL. The company, Levitas Capital, suffered damages worth $8.7 million in the aftermath of the cyberattack and was forced to close, further confirming the fact that a cyberattack could put an end to your company, no matter the size.
“The hackers were able to access their systems, sending out multiple fraudulent invoices, and the damage was so great that their largest client pulled out of a planned multi-million-dollar investment,” says Tony Pepper, the co-founder of security firm Egress. “With enough pressure, businesses will fold.”
Returning To The Office Might Pose Some Security-Related Challenges
The Founder of Crown Jewel Insurance, Mary Guzman, urges organizations to carefully examine the devices that have been used for remote working purposes.
“Before anyone is allowed to use them, or connect to any corporate network, appropriate analysis, and protective measures should be taken to ensure malware is not present,” she said. “Until that can safely take place, perhaps personal devices should not be allowed back in the office.”
Mrs. Guzman also said that employers have only two options in the given situation: to re-train their staff on cybersecurity matters or to suffer the consequences of not doing so.
Trevelyn-Thomas from Tessian highlighted that cyberattacks aren’t going away anytime soon and warned that they are likely to become the new normal.
“This isn’t a short-term phenomenon. It’s a long-term issue… this is the new world that we live in.”
Equip Your Employees With The Knowledge And Best Security Practices For Both Remote Work And Returning To The Office
Implementing a solid and comprehensive and solid security awareness training in your company needs to be next on your to-do list. Danger won’t wait and disaster can strike at any time.
Trust us with your employees’ training. Here, at ATTACK Simulator, we take cybersecurity seriously. For example, we know that most ransomware attacks are carried out through phishing, which is why we focus on training, educating, and equipping your staff with the best up-to-date security practices they need to spot and deflect phishing attempts.
Train your staff to stay away from cyberthreats with Attack Simulator’s comprehensive 4-Step Phishing Simulations.
Source:
Yahoo News news.yahoo.com/why-remote-working-leaves-us
Feature Image: Photo by Chris Montgomery on Unsplash
