WFH is the new norm.
The demand for remote working is on the rise, which has pushed us all head first into a new digital world. With this new way of working, businesses have needed to adapt to keep everything running smoothly, and those adaptations aren’t always up to scratch when it comes to being cyber secure. Not only does this open a new gateway for hackers, but with our guards down, it has made us far more susceptible to attacks than we maybe once were.
WFH is right where hackers want us to be.
Strength in numbers is a cliché, but it’s true. If you’re in an office and you get an email, how often do you shout over to Dave and say “I’ve just had this email, have you?” All of a sudden, you’ve got two heads questioning an email. At home, that second person is no longer there. You’re now faced with making this decision on your own. Hackers are aware that people are working in a different way, and that the means of reaching out for help and support have also changed.
Hackers have the element of disguise.
Whether you’re located in an office or at home, you might think that your data is stored safely, but hackers know a trick or two. We’re constantly sharing information online, whether that’s through a business website, LinkedIn, Twitter, Facebook, you name it. A hacker will find a name and simply call head office, ask for John the CEO and discover that he’s on annual leave. That’s three pieces of information to get started with. From there, they could email someone new in the business with “Hello, I’m John the CEO. We’ve not spoken before, but I need this from you…” Even in a 50-million-pound business, which one of the 200 employees is going to call the CEO and ask him if he meant what he said? Not many. That’s how easy it really is for a business to be compromised by hackers.
The bigger the better… Not when it comes to attack surfaces, though.
Understanding the attack surface and making it as small as it possibly can be will help reduce the risk of threat. Simply put, in an office you had one device to 100 people, but now they’ve all gone home. So you’ve got 100 people with 2 or 3 devices, plus 86 remote networks, making it a much bigger attack surface.
In addition, there are also devices in our homes that we might not even consider to be a threat. Your Google Home or Alexa is equally likely to cause a pitfall. What might these devices be eavesdropping on? Some information you discuss at home might be highly sensitive, and you don’t want Amazon to be a part of it. As we’re probably all aware, there have been stories about a thousand packets of baby wipes turning up at someone’s front door the next day because Alexa has overheard a conversation… But the same can be said for highly sensitive information. We now need to think about these issues on a larger scale. It’s no longer just Steve and his accidental order of many baby wipes, it’s Steve and everyone else connected to the same server who can be impacted. That means all of the devices need to fight off anything that might be brought into the equation.
Gone phishing… be back soon.
Not only are hackers becoming more sophisticated with impersonations, but the old methods that they used previously have been supercharged. There are seasonal emails to watch out for. Take the Christmas period, for example: you’ll be bombarded with phishing emails taking the form of a phony M&S or Sainsbury’s newsletter encouraging you to get your turkey in early. And there’s everyone’s favourite, the usual tax return emails from HMRC, along with false pandemic emails coming through. Anything that’s topical, or that you’re expecting in the back of your mind, is now likely to take the form of a phishing attack.
Education, education, education.
The question now is “how do we deal with these issues?” Ultimately, it’s all about awareness and training. You can spend multiple zeros on security, but your best and first line of defence is your people. If you arm your people with the buzzwords and terminology, breaking it down for them so it’s easy to digest and understand, they can then start to use this in their working practices. If you want to kick-start the development of cyber maturity in your employees, we can provide you with user-awareness training. Get in touch today to find out more.