THE OWLGUARD BLOG

TELEWORKING: STAY (CYBER)SAFE

Published by Seunghee on 03/05/2021

Due to COVID-19, the working environment of companies has changed in many ways, and working from home is at the center of those changes. Working from home has many positive aspects, but also many negative ones. In particular, the growing security threats to teleworking are a serious problem, and as remote work systems are deployed, it is necessary to think about how to protect teleworking. The pandemic accelerated teleworking, and it is predicted that by 2021, 25-30% of the total workforce will work from home.

According to some statistics, over 90% of teleworkers said that they would like to work from home even after the coronavirus pandemic has ended.

Working from home may increase productivity through greater flexibility, but the security problem becomes more serious because the home is more vulnerable than the work environment in the office. In particular, the security of home Wi-Fi networks is an urgent problem. Attackers can target specific employees and access their Wi-Fi networks from near their homes to steal data traffic, Wi-Fi credentials or important business information, or even install ransomware and attempt various other malicious attacks.

Things to think about for cybersecurity in teleworking are:

1. Make your employees aware of cyber risk and monitor employees’ security habits thoroughly.
Start with simple steps: do not reply to suspicious messages and do not open any attachments they contain. Most cyber incidents are caused by human error. You need to know what information to protect, why, and how to protect it from cyber risks involving malicious emails/phishing emails, fake websites, login credentials, etc.

Login Credentials: Credential stuffing refers to an attack that attempts to gain unauthorized access to user accounts by automatically submitting collected usernames and passwords. Data breaches have occurred in this way over the past years, and as a result, billions of login records have fallen into the hands of hackers. These credentials fueled the underground economy and were abused for everything from spam to phishing and account hijacking. Credential stuffing attacks are one of the most common ways cyber criminals use stolen usernames and passwords.

In the 17 months from November 2017 to the end of March 2019, security and content delivery company Akamai detected 55 billion credential stuffing attacks across dozens of industries. Industries such as gaming, retail, and media streaming were attacked more severely than others, but no industry was an exception. For example, on May 24, 2019, a credential stuffing attack allowed criminals to access up to 139 million profiles on the popular graphic design platform Canva. Therefore, any company that values cybersecurity needs to prevent credential stuffing attacks. So how can we reduce the risk to login credentials? “Credential stuffing will not go away,” Akamai said in its “Internet Status” report.

Since this cannot be stopped completely, the process of obtaining authentication information should be made as difficult as possible. Poor passwords and password reuse are a huge threat to account security. If a password is high-risk or reused across multiple accounts, all of them will eventually be compromised. Awareness of this reality should spread, and password managers and multi-factor authentication should continue to be encouraged.
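How a defender can spot the pattern described above in login logs, as an added example that is not part of the original article: one source trying many different accounts with mostly failed logins. The log format, sample lines and thresholds are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample log (not from the article): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2021-05-03T09:00:01 203.0.113.7 alice FAIL
2021-05-03T09:00:02 203.0.113.7 bob FAIL
2021-05-03T09:00:03 203.0.113.7 carol OK
2021-05-03T09:00:04 203.0.113.7 dan FAIL
2021-05-03T09:00:05 203.0.113.7 erin FAIL
2021-05-03T09:00:06 203.0.113.7 frank FAIL
2021-05-03T09:01:10 198.51.100.20 grace FAIL
2021-05-03T09:01:20 198.51.100.20 grace FAIL
2021-05-03T09:01:35 198.51.100.20 grace OK
2021-05-03T09:02:00 192.0.2.5 heidi OK
"""

def detect_stuffing(log_text, min_users=5, max_success_ratio=0.2):
    """Flag sources that try many different accounts and mostly fail.

    A user mistyping a password retries ONE account; credential stuffing
    walks a list of leaked username/password pairs, so it touches MANY.
    Thresholds are illustrative assumptions, to be tuned per service.
    """
    stats = defaultdict(lambda: {"users": set(), "hits": set(), "total": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # ignore malformed lines instead of crashing
        _ts, ip, user, result = parts
        entry = stats[ip]
        entry["users"].add(user)
        entry["total"] += 1
        if result == "OK":
            entry["hits"].add(user)

    flagged = {}
    for ip, entry in stats.items():
        ratio = len(entry["hits"]) / entry["total"]
        if len(entry["users"]) >= min_users and ratio <= max_success_ratio:
            flagged[ip] = {
                "distinct_users": len(entry["users"]),
                "attempts": entry["total"],
                # Successful logins from a flagged source: reset these first.
                "reset_passwords": sorted(entry["hits"]),
            }
    return flagged

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

Attackers often spread attempts over many source addresses, so per-source counting is one signal to combine with others, not a complete defense.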

Malicious Emails/Phishing Emails:
Phishing is also one of the most well-known and common cybercrimes: in all, 46,000 phishing sites are detected each week, which adds up to a total of 2.02 million for the whole of 2020. Despite this huge number of phishing attacks, we still do not pay enough attention to them, so here are 5 clues to help you spot scams.

a. Make sure the email address is not strange.
No legitimate organization will send emails from an address that ends in ‘@gmail.com’. If the domain name (the bit after the @ symbol) matches the apparent sender of the email, the message is probably legitimate. The best way to check an organization’s domain name is to type the company’s name into a search engine.

b. Be vigilant for e-mails from people you do not know.

c. The email is poorly written: look for grammatical mistakes, not spelling mistakes.

d. Do not open e-mails that were not previously announced, such as an attendance request form from the police station, a government agency report, domestic and foreign political situation data, various business emails, etc.

e. Never click untrusted attachments like resumes, invoices, year-end settlement data, annual salary contracts, etc.

Remember, criminal hackers only require one mistake from one employee for their operation to be a success. As such, everyone in your organization must be confident in their ability to spot a scam upon first seeing it.
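Clue (a) as an automated check, added here as an example and not taken from the original article: it compares the organization a sender appears to be with the domain the mail actually comes from. The brand inventory, the placeholder domain "examplebank.example" and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed inventory for this example: brand keyword -> domain it really sends from.
# "examplebank.example" is a constructed placeholder, not a real organization.
KNOWN_BRANDS = {"examplebank": "examplebank.example"}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}


def check_sender(from_header):
    """Return warnings for a From: header that claims a brand it does not belong to."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable sender address"]
    local, _, domain = addr.lower().rpartition("@")
    # Text the recipient reads as "who sent this": display name plus local part.
    claimed = (display.lower() + local).replace(" ", "")
    warnings = []
    for brand, real in KNOWN_BRANDS.items():
        if brand not in claimed and brand not in domain:
            continue  # this message does not pretend to be the brand
        # Exact match or a true subdomain; "real.other.test" must NOT pass.
        if domain == real or domain.endswith("." + real):
            continue
        kind = "free-mail" if domain in FREE_MAIL else "lookalike"
        warnings.append(f"{brand}: {kind} domain {domain}, expected {real}")
    return warnings


# Constructed sample headers.
SAMPLES = [
    '"Example Bank Support" <support@gmail.com>',
    "Example Bank <alerts@examplebank.example.login-check.test>",
    "Example Bank <alerts@mail.examplebank.example>",
    "Alice <alice@gmail.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no warning")
```

The From: header can be forged, so a matching domain should be read together with the receiving mail server's SPF, DKIM and DMARC results.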

2. You must keep your home Wi-Fi network safe.
When teleworking employees need frequent access to important company information, a secure protocol should be applied. It is impossible to build infrastructure at the level of large corporations in small and medium-sized businesses or at home. Providing your employees with a VPN (Virtual Private Network, a virtual computer network dedicated to an organization) is essential so that they can connect remotely and securely to your company network. However, to ensure optimal protection, you should make sure that your VPN is also secure.

3. Update your operating systems and applications regularly.
In addition to improving performance, the updates will help fix potential security vulnerabilities on a regular basis. When your IT environment is secured, the productivity of teleworking is guaranteed.