Rising Cybercrimes In The Remote Workforce Era: 5 Ways To Ensure Cybersecurity

While the COVID-19 pandemic was at its peak, cybercriminals took it as an opportunity and ransomed millions of dollars from many businesses, primarily IT, financial, healthcare, and insurance companies. With almost every business undergoing digital transformation, cybersecurity will become a major concern. How should you improve your company’s cybersecurity policies in these situations? Scroll down to know!

Cybersecurity
Security
Remote Workforce

If we must talk about one unmissable change that the COVID-19 pandemic has brought about, it is the work-from-home normal. Considering the soaring productivity levels due to flexible work timings and commute-free work environments, most organizations across the globe are continuing to offer a large section of their workforce the flexibility to work from the comfort of their homes.

According to a survey from Gartner, around 48% of IT organizations will give employees the choice of working remotely full-time once the pandemic is over, while 83% of corporate companies across the globe have already given the option of working from home at least one day a week.

With this major shift in working conditions, have led to an unprecedented surge in cybercrime as the hackers are now have more vulnerabilities and more victims to pick from.

A Case of Increase in Cybercrimes

REvil, a cybercrime group, admitted that it encrypted more than 1 million systems in the US through Kaseya, a renowned software provider in 2020.

On 4th July 2020, i.e., the US Independence Day, a cybercrime group called REvil wreaked havoc on almost 1000 companies in the US by stealing data through cloud-based networks. They took the holiday as an opportunity knowing very well that most IT experts and cybersecurity professionals would be off enjoying their weekend.

The group then demanded $70m in Bitcoin as ransom to recover all the stolen crucial data.

Experts have warned that such cyber-attacks are bound to become frequent and suggested that businesses not underestimate the pandemic’s adverse impact and remote working on an organization’s cybersecurity.

According to an INTERPOL assessment, from January to April 2020, almost 900,000 spam messages, 700+ incidents related to malware, and around 500,000 malicious URLs – all related to COVID-19 were detected.

Reasons for Higher Cybersecurity Breach During Remote Working

According to a recent Tessian survey, almost 60% of IT administrators and technicians believe that employees have started practicing bad cybersecurity habits while working from home.

Nearly 39% of the employees admitted this survey to be true and conveyed that these bad cybersecurity practices result from less scrutiny from their IT departments since the COVID-19 pandemic.

Here are some of the bad cybersecurity practices that took birth amid the pandemic:

1. Using less secured home networks for professional use

Small businesses have given the leverage to their employees to use their personal email accounts and home networks. Unfortunately, most of these home networks lack protection and are easily prone to attacks by cybercriminals.

2. Leveraging mobile phones for office meetings

Many employees are now using their own devices for two-factor authentication and mobile versions of video conferencing tools like Zoom and Teams. Unfortunately, despite the convenience, when this fine line between personal and business use is put at stake, you are inviting cybercriminals to build a store in your network.

3. Not installing firewalls and other security software

Phishing emails are a major source of increased cyber threats. As per a recent report, there has been a 600% spike in these emails since February last year, owing to hackers spamming the inboxes due to the lack of firewalls and other security tools on employees’ personal devices.

4. Being oblivious

While working from home, employees are constantly distracted by social connections, spouses, children, and other personal factors. In such situations, many employees work late to manage deadlines. This can lead to lethargy and lack of motivation where employees are liable to make errors that can jeopardize the company’s security.

For example, when an employee’s mind is off work, they become less attentive to small details and might rush an email with a confidential document to the wrong person. This can compromise the security of the organization, in turn, welcoming cyberattacks.

The changing nature of cyberattacks amid the pandemic

The majority of the new attacks from cybercriminals have been seen to deploy a form of machine learning that adapts to its environment while remaining undetected.

According to Cynet, cybercriminals are upping up their hacking game and are coming up with new malware to infiltrate potential systems. With this, the cyberattacks have increased from 20% to 35% before and during the pandemic.

Here are some of the newer ways hackers are implementing to attack your cyber landscape:

1. Phishing Attacks

As per a recent F5 labs report, from 2020 to date, almost 60% of phishing sites have been using target brand names in their website addresses, the major target brand being Amazon.

With the revised working conditions of corporate companies, the threat actors have also updated their usual online scams. Phishing attacks, in particular, are becoming more sophisticated as scammers are now using machine learning to adapt to user behavior. For example, during the start of the vaccination drives, when the vaccines went out of stock, more phishing campaigns have surfaced to persuade the victims to pay a ransom and buy the vaccines. According to a revised phishing and fraud report, phishing incidents rose 220% when the pandemic was at its peak. As per a recent F5 labs report, from 2020 to date, almost 60% of phishing sites have been using target brand names in their website addresses, the major target brand being Amazon. Paypal, Apple, Netflix, and Instagram were also in the list of the top 10 most impersonated brands by the threat actors. F5 Labs also observed that cybercriminals are attempting to use stolen passwords within a span of four hours of phishing a victim. Several cyberattacks even occurred in real-time, enabling the threat actors to capture multi-factor authentication (MFA) security codes. With a shift to the work-from-home model, employees in financial services, health care, and retail have become the major victims of these phishing scams. According to Verizon’s Chief Information Security Officer, Nasrin Rezai, insurance executives have majorly fallen into the trap of ransomware and phishing extortion attempts in 2020. Moreover, “credential stuffing,” where stolen credentials from one website are used to breach accounts on another site, has also become popular amid the pandemic.

Future Threats

According to Shape Security research, there are two imminent phishing attacks on the horizon.
  1. With the updated botnet security controls, threat actors will start to implement “click farms”- a bunch of remote workers attempting to log into a target site with the recently used credentials. This manual fraud will be executed using a standard web browser, making the activity harder to detect.
  2. There will be an increase in real-time phishing proxies, which can capture and use multi-factor authentication (MFA) codes. These proxies have the capability to intercept a victim’s transactions within a real website that can even steal or reuse the session cookies.

2. Social Engineering

A wide range of malicious efforts that employ psychological tricks to persuade users to make security mistakes or divulge sensitive/personal information.

Employees who are less vigilant while working from home are often prone to these social engineering attacks. Social engineering is executed using many methods by threat actors:

  • Spear Phishing: It is a type of phishing targeting one specific individual.
  • Baiting: Tricking an individual to download a movie or music file to infect their system with malware.
Improve Product Quality - Techigai
  • Spoofing: Cloning the real websites to obtain sensitive information from reputed corporate websites.
  • Caller ID Spoofing: The spammer keeps their caller identification in disguise while making a call, and when a victim answers, the caller uses spam scripts to steal personal information.
  • Quid Pro Quo: A type of social engineering technique in which the attacker tries to trade information for services. An attacker may contact the main lines of firms purporting to be from the IT department, hoping to reach someone who was having a technical issue as a quid pro quo. Once the attacker has identified a user who requires technical support, they may say something like, “I can solve that for you. I’ll only need your login details to do that.”

Future Threats

  • The remote work has made organizations adopt the cloud to store and share data. Attackers will also look for ways to hijack this cloud data. This is called “content phishing” – a form of social engineering that involves the usage of vicious apps that seek permissions from the victims instead of asking for passwords.
  • Business emails will be vulnerable to cybercrimes as almost every organization lately is heavily reliant on emails for communication. By faking as a trusted identity, the threat actors convince the victims to pay invoices or to transfer funds.

5 Ways To Protect Yourself From Malicious Cyberattacks

1. Anti Virus/Malware Software

This may sound like an obvious one, but a lot of organizations fail select the right-fit software or keep them updated to the latest version.

If, as an organization, you are allowing your employees to use a personal laptop or PC for work, make sure you get the antivirus or malware software installed. Not just this, because computers are continuously threatened by new viruses, it is critical to keep antivirus software up to date with regular updates. Anti-virus updates include the most recent files required to combat new threats and safeguard your machine.  Though antivirus may not be a fortified support to protect you from all sorts of cybercrimes, you can definitely be free from low-level cyber-attacks.

2. Secure Collaboration Software

Invest in secure collaboration software that allow your employees to securely connect with each other in addition to having multi-factor authentication and safe file-sharing options.

There is no denying the importance of video meetings to a remote workforce. This has given rise to attacks where much of the data is stolen from these video platforms themselves, many a times unbeknownst to the users.

For instance, there was an incident of “zoombombing” last year where spammers joined business meetings on zoom and broadcasted shock videos. Here, zoom’s default settings were to blame as the app doesn’t allow users to set passwords for meetings. Webex Teams was another vulnerable app that inadvertently allowed attackers to execute codes on systems.

There are a lot of secure collaboration software helping businesses run smoothly and securely even with a large number of remote employees such as ClickUp, Microsoft Teams, Asana, Huddle, Clarizen, Slack, and more.

In addition to this, you can also invest in a host checking tool that can secure the position of the endpoint before giving access to corporate files or data, which enables you to ensure security no matter where your employees work from.

3. Regular Audits and Assessments

Almost every IT system has some weakness, which is the reason companies must run tests to identify and fix the most critical vulnerabilities.

As a company, you must frequent hardware testing of components and vulnerability scans, in addition to examining whether the existing security controls are robust enough to handle high-end attacks. Apart from these, you can ensure the security of the systems by:
  • Installing VPNs: Virtual Private Networks give an extra layer of security to the IT systems, especially while working from home with the personal network.
  • Using Encryption: Implement full disk encryption to your computers and laptops before handing them over to employees. Leverage this option for sensitive emails, confidential data, transactions, and other corporate purposes. Make sure you don’t send the password for decryption in the same mail as you send the encrypted document.
  • Setting Up Web and Email Filters: To prevent spam messages from flooding your employees’ inboxes, install web browser and email filters. This will ensure your employees won’t click any hazardous links in these emails and pop-ups.
  • Updating Frequently: Any internet connection can be a playground to hackers. So, it’s mandatory that you frequently update your connections, OS, applications, and system securities to limit the possibility of being hacked.

4. Cybersecurity Awareness for Employees

Employees, often unintentionally, become are the primary cause of information breaches happening in an organization.

A cyber-vigilant workforce ensures the best protection of your sensitive business data. Every employee ought to know 3 things: • How to deal with business information while working from home. • How to strike a balance between the permitted use of personal and professional emails. • How to handle when a cyberattack occurs.

So, you need to provide the required training to all the employees on protecting your valuable data. For additional safety, make your employees sign the information policy. Here’s what you need to cover during the training:

1. Risks of Using Unsecured Networks

Sometimes, due to inconvenience or lack of access, employees tend to use personal devices like mobile phones or tablets to continue with their work. As home networks can be insecure, you must educate them on using both personal and corporate devices to minimize the risk of being attacked.

2. Discourage the Practice of Password Sharing

It is a common practice for employees to accidentally give access to their passwords to third parties. Teach how sharing passwords can affect your company’s security. Install a password manager if possible, so your employees can store all the passwords in one place. Educating them using strong and unique passwords for each site.

3. Handling a Cyberattack

An attack can occur despite your safeguarding efforts. So, you need to have a disaster management plan ready to recover from the attack sooner. When an employee notices some data theft, they must instantly notify the auditing team or the cybersecurity professionals at your workplace. Inform your employees to not shut down the system before informing the incident to their higher authorities.

5. Cybersecurity Insurance

Zero trust is a security model where users or devices are granted access to files or applications only if they are authorized to do so.

Albeit the zero trust model being implemented by most companies lately, it is always wise to purchase cybersecurity insurance as cybercriminals are always on the rage to develop new methods to breach your security.

According to US research, in 2017, the cost to rectify one data breach was $141 per data record, which we are sure is a whopping much.

To prevent such losses, you are advised to seek help from a specialist in helping you select the right insurance plan according to the types of attacks your organization is most vulnerable to.

Conclusion

There are numerous ways to reduce both the occurrence and the impact of a cyberattack for your organization, but it needs meticulous planning.

First, you must ensure your remote working plans are resilient to cybercrimes and only improve your application security measures. As briefed in this article, there are a few must-follow steps to achieving financial security, and they involve the use of zero-trust models, data encryption, firewalls, web and email filters, anti-malware software, and VPN’s. When you implement these strategies along with profound and ongoing employee awareness training on cyber security is your best bet to ensure you are far away from being viciously attacked by the threat actors. This #cybersecuritymonth, learn to be cyber-aware and safe.

There’s no silver bullet solution with cyber security, a layered defense is the only viable defense.

James Scott

Publish: October 24, 2021

insights

Here are our thoughts on the latest in technology, and some compelling stories of our shared success.

Case Study
Vendor Experience Portal for a Branding & Promotional Company
Read More →

A global leader in Branding and Promotional Product industry envisioned an application to have 360 degree view of vendors. The portal built is aimed to manage, maintain, enrich, and enhance the experience of Vendor Relations.

Read More →
Case Study
Intuitive Shopfloor Management Mobile App for a Toy Manufacturer
Read More →

The app was built for remote monitoring and controlling plastic molding machines. The need...

  • 45% improvement in Production Planning Efficiency
  • 3x output through optimal Resource Scheduling
  • 65% reduction in unplanned downtimes
  • 100% paperless manufacturing
Read More →
Case Study
Invoice Process Automation for a Logistics Management Company
Read More →

The client wanted to automate invoice collection, read data, reconcile and approve for pay...

  • 3000+ invoices handled by bots per month
  • Reduced FTE for exception handling from 5 to 1
  • Unattended bots operate 24*7*365
  • Invoice processing time reduced from 6 mins to 30 secs
Read More →
Case Study
AWS Sagemaker based Computer Vision Solution for a Manufacturer
Read More →

Client is required to submit the old physical devices for the new inventory fulfillment re...

  • 80% efforts reduced in data annotation & labeling
  • 65% time saved in ML Modelling
  • 54% lower total cost of ownership
  • One-click deployment to the cloud
Read More →

Let’s create something incredible together!

Contact Us