Blog

As we increasingly work remotely, either from home or from our favourite coffee shop, the lines between the private and corporate worlds are becoming increasingly blurred. Unfortunately, at the same time, the risks of compromised cyber security are getting greater. It's important to make sure you're adapting to the online threats of today and tomorrow, not the security risks of yesteryear.

Compromised email messages and phishing

Business Email Compromise (BEC) fraud, using targeted phishing messages, remains one of the most lucrative cybercrime categories and generates the highest revenue for criminals. In cases reported to the Federal Bureau of Investigation last year, victims lost a total of more than $2.7 billion. BEC crimes rely mostly on social engineering techniques and are often carried out by tricking the victim into approving a transfer of company funds to a compromised bank account under the control of the fraudster.

There are various methods by which this is achieved, such as impersonating a recipient or supplier in order to defraud actions or transactions between parties, and they can be successfully prevented through phishing awareness exercises. Any prevention methods should be applied in conjunction with investments in advanced email security, additional checks on any 'urgent' payment requests and strict procedures for any payment processes.

Phishing as such has been around for decades and is still one of the best vectors for initiating fraudulent access into company IT networks, and with a wide variety of defaults to distract employees when working remotely, the chances of success for such an attack are becoming increasingly high. Always be one step ahead and constantly adapt your phishing awareness exercises at the same pace as the scammers' tactics change. Live simulations can be a real help in changing user behaviour. Consider training your teams on phishing via text messaging or messaging (smishing), phishing via voice calls (vishing) and other new techniques that even include bypassing multi-factor authentication (MFA).

Working remotely or in hybrid mode

Working from home brings with it new security concerns. Since the beginning of this migration to hybrid-style working, experts have warned that employees are more likely to ignore security guidelines or policies or simply ignore them when in a more familiar environment, such as at home or another preferred remote work location. According to one study, 80% of employees who work from home admitted that in certain circumstances (Fridays or summer months) they are more relaxed and distracted. Involuntarily, by doing so, they can put themselves at increased risk of a cyber security compromise, especially when home networks and devices are not as well protected as their corporate counterparts.

Another risk is threats from public Wi-Fi hotspots. Employees can be exposed to Adversary-in-the-Middle (AitM) attacks, where hackers access a network and compromise data flowing between connected devices and the router, and to "evil twin" threats, where attackers can duplicate a malicious Wi-Fi hotspot that appears to be a legitimate one in a particular location.

Data protection

Penalties imposed for non-compliance with personal data protection by data protection regulators have increased substantially to a total of over €2.9 billion. This is a strong incentive for organisations to ensure that all their staff comply with data protection policies.

One of the best ways to keep in mind best practices for handling data involves keeping devices secure and reporting any incidents immediately to the relevant contact person, as well as prevention through the use of strong encryption and better password management.

For example, staff can benefit from an update on how to use the BCC (Blind Carbon Copy) function found in all standard email platforms, and the associated mistakes that can lead to inadvertent data leaks via email. The privacy of social media posts also needs to be considered.

Ransomware attacks

Another risk to users is ransomware attacks that rely on taking control of a person's or organisation's data or devices as a means of demanding money. For example, a cybercriminal may pose as a bank and send an email warning someone that their account has been blocked due to suspicious activity, asking them to click on a link in the email to resolve the problem. Once the link is clicked, the ransomware is installed.

What would be the options for removing and eliminating the ransomware attack. Contacting the responsible person in the organization and reporting the attack. Isolate compromised data to prevent the ransomware application from spreading to other areas of the network. Running an anti-malware program to remove the ransomware.

The best defense is antimalware protection. Fortunately there are many ways to keep your peace of mind and your digital life. Many ransomware attacks can be detected and blocked with a reliable antimalware service. Likewise it is recommended to move your data to the Coud environment, keep bakup copies ofline, keep your software up-to-date.

Cryptojacking

Cryptojacking is next to ransomware attacks. The attacker inserts a malicious script that uses the processing power of the user's device to mine cryptocurrency. Attackers use camouflage tactics to make their presence go unnoticed, however, if the computer boots slower; or if programs load much slower, if the processor sits at 100% and the fans are running at full blast, these are all tell-tale signs of cryptomalware. Using antivirus software can also detect, quarantine and remove such malware from your system.

Importance of training sessions

According to Verizon, 74% of the total number of global security breaches recorded in the last year include the "human element", most often identified as negligence, error or users falling victim to social engineering and phishing.

A key way to mitigate these risks is through security training and awareness programmes. In fact, the ultimate goal is not just to implement the knowledge gained during training or awareness sessions, but rather to change user behaviour in the long term. Trainers should provide advice on laptop security updates, password management, phishing and ransomware awareness, and the exclusive use of IT-approved devices for service tasks.

In conclusion we can note the need for organisations to implement well thought-out security policies and solutions based on strong controls and tools such as data encryption, mail server protection, mobile device management or even automating the discovery and treatment of vulnerabilities in applications and information systems.