Many of us have realized over the past few weeks that the IT infrastructure for communications we once took for granted now plays an important role in our day-to-day lives – and a critical role in our new reality. We need reliable, secure connectivity to stay in touch with friends, families and colleagues. We need it to stream video and entertainment. We need it to browse the internet, collaborate with colleagues and access company servers.
About the author
Steeve Huin, Vice President of Strategic Partnerships, Business Development and Marketing, Irdeto.
This has, of course, always been the case. However, what’s different now – in our ‘new reality’ – is that more and more of us are having to do all of the above while working from home. While businesses will have robust measures in place to defend their systems against cybersecurity attacks, most employees won’t have the same levels of protection at home.
Similarly, within a typical office environment you’ll probably have a number of desktop PCs, laptops and perhaps some smart video conferencing gear connected to a network – all of which will have to adhere to your company’s cybersecurity policies. Naturally, this set-up doesn’t exist in the typical home.
Many employees (as well as business and IT leaders themselves) will have laptops, smartphones, speakers, doorbells, lights, cameras, fridges, coffee makers, TVs, thermostats and a growing number of other smart home devices connected to a network. Unlike in an enterprise environment, there’s no requirement for these to have anything like the same defense mechanisms as office endpoints.
The result? Employees, businesses, and all of the data sitting on a company’s laptops and network are increasingly exposed to the threat of hacks and data breaches. The current period will be a tough time for many businesses, but that shouldn’t mean that cybersecurity is neglected.
So, with a significant number of us now working from home – and with this new reality likely to continue after a return to ‘normality’ – what are the cybersecurity threats we need to be aware of? How can these be tackled, and what kind of technical and behavioral changes should business and IT leaders implement and encourage?
Top three threats of working from home
First: it wouldn’t be surprising if the number of phishing attacks continues to rise significantly during the lockdown period, with hackers taking advantage of more people working from home. According to one recent report, there has been a 667% increase in phishing attacks since the end of February. The report identified 137 coronavirus-related phishing emails in January, 1,188 in February and over 9,000 in March.
Employees are more likely to open and action personal emails and visit non-work websites during the day if they’re not working from an office. In addition, there could be a rise in the number opening suspicious emails sent to their work inbox, as they do not have the opportunity to verify these with colleagues or run them past IT teams. There have also been reports of hackers exploiting the pandemic for profit, setting up fake charity websites and contacting victims pretending to be from public health bodies.
Second: we can expect a growth in the number of attacks made directly via the internet through misconfigured and unsecured routers.
Third: there will most probably be an increase in attacks executed through IoT connected devices, such as those listed earlier. With more people at home during the day, more of these devices will be switched on and in use, increasing the chance that they’re potentially exploited by hackers as entry points to a network.
Hackers get down to business
Usually, attackers using the above tactics would hope to gain access to things like personal financial information. Now however, there’s another motivator to launch attacks – the possibility of acquiring data from businesses, as remote workers log on to business servers and access/share/download corporate information on home networks.
Both businesses and consumers face significant financial damage from hacks. However, for businesses there’s also the potential for massive knock-on effects for their customers and partners, as well as the company’s reputation. Many firms are already suffering significant losses due to the current pandemic, meaning holding onto customer trust – and their customers themselves – is more important than ever.
There are means of preventing hacks though; of protecting employees who are working from home and securing networks and your business from cybersecurity threats. Investing in education and cybersecurity solutions now is therefore a sensible option to protect your business and your workforce in the long run.
A clever approach to smart devices
Many approaches to improving cybersecurity are straightforward, quick to implement and – best of all – totally free. Educating your employees on security best practices or even short courses in cybersecurity training should be a first step for all businesses. Update your security policies to reflect the shift from office to home working and make sure these are communicated clearly to employees.
Guidelines should include setting passwords on all IoT devices. Whether it’s a connected front door camera, a connected plug or another smart home device, most people leave these gadgets with easily guessed default passwords, making devices highly vulnerable to large scale attacks. Complex passwords – with over eight characters, a mixture of upper and lower case, special characters etc. – are a must.
Employees should also maintain the software and operating systems running on the devices they use within their home network. It’s easy to ignore updates, but they’re necessary in order for employees to protect themselves – and for your business networks and data to stay protected from the ever-evolving nature of cyber threats.
Password management for protecting IoT devices will only go so far. As long as there are smart devices in employees’ homes – and however complex the passwords for these are – there exist endpoints in a network which can be exploited by hackers. As well as ensuring employees secure the devices themselves, businesses can also increase protection at the home network level.
AI-driven security solutions that reside on home routers can help monitor and mitigate threats, ensuring vulnerable and even breached devices are adequately isolated. These can be quick and easy to implement, and can work as either as a software added into an existing internet router, or as an alternative internet router. In addition to cybersecurity benefits, such solutions can also provide employees with insight into Wi-Fi management and help to improve network connectivity, as well as providing options to apply parental control to devices children have access to.
Good cybersecurity will not materialize overnight. Creating a cybersecure business requires good security practices to be employed from the outset, in addition to a commitment to maintaining sufficient updates for all devices owned and run by your organization. Business and IT leaders must now ensure that they extend cybersecurity practices from the office to the home working environment. With buy-in from employees and easy-to-implement solutions, business and home networks can be secured and cyber threats reduced.