New thinking

Hackers love remote workers

Remote working has provided an open door for cyber criminals to hack into company systems, putting your company data and reputation at risk.

The  dramatic increase in remote working during the pandemic is good news for cyber criminals. For experienced hackers, it’s the opportunity they’ve been waiting for to access your company’s data.

Cyber criminals typically enter company systems through vulnerabilities in remote workers’ networks. They hack into the employees’ data, steal what they want, and then move onto the more lucrative company data. For the employee and the company, the damage can be devastating.

Companies that fail to plug new gaps exposed by remote working will almost certainly be attacked.

Global cyber security expert Oren Elimelech says, “it’s not a question of if you if will be attacked but when you will be attacked”.

He says the shift to mass remote working happened very quickly and security was an afterthought, adding: “Due to Covid-19, many people are not able to access the office and they have to work remotely. This is no longer temporary, it’s the new normal. The problem is we loosened security measures and security standards to enable remote working, and we did this really rapidly, but security was not built in, it was bolted on afterwards.”

Oren is the founder and CEO of Israeli consultancy CyberTeam 360, which has formed a joint venture with accounting firm VBR in Brazil to help companies address the cyber challenge. VBR is a member of Praxity, the world’s largest alliance of independent accounting and consulting firms. Through the alliance, VBR shares expertise globally.

The growing threat

Urging companies to act quickly to protect their employee networks, Oren says: “It’s important to understand that cyberthreats are increasing, so people should definitely invest in cyber security now. Don’t wait for the cyberattack to happen. Most companies wait and end up paying far more. If your system gets penetrated the lost revenue will be ten times the cost of investing in cyber security measures.”

In August 2020, Oren presented a VBR webinar entitled Remote work and cyber security: the coronavirus threat. Days later he was alerted to exactly the type of cyber attack he warned about in the webinar. “We were notified of an incident where the cyber criminals penetrated a remote workers’ network and used it as a bridge to penetrate the company system – and it’s happening almost weekly.”

Ransom money and extortion

Attackers take advantage of any situation, including the pandemic. They leverage the expanding attack surface created by the transition to remote working. They exploit technical vulnerabilities intrinsic to remote connectivity, home environments and the cloud, and implement new forms of social engineering attacks.

“Once they have penetrated your system, they see what data you have, they see your bank account details, everything, but what they are most focused on is stealing information. You are not interesting to them. It’s the company you work for that is interesting so they encrypt files and ask for ransom money,” Oren explains.

The latest development is double extortion where cyber criminals demand money to release ransomware and then they demand extra money to keep quiet, threatening to ‘go public’ if the money is not paid.

How to prevent an attack

The single most important thing a company can do right now is to “improve employee awareness” through education and training, Oren says. “Organisations can make sure somebody is responsible for security measures, and every employee should be aware of what they need to do to improve security.”

Clearly, companies need to plug remote working vulnerabilities such as increased use of Virtual Private Network (VPN) access. Security teams must also adapt to changing network traffic and behaviour which is flooding Security Operations Centres (SOCs) with “false positive” security alerts. They need to put in place measures to distinguish between genuine threats and “noise”.

The VBR ‘CyberTeam’ recommends the following security measures:

  • Ensure policies are adapted to the new work environment. If process discipline was loosened, as is inevitable in many crisis management situations, make sure it’s gradually restored to a strong security level.
  • Raise employee awareness to the new wave of social engineering attacks and fraud attempts, preying on confusion and fear due to Covid-19 pandemic panic.
  • Increase logging and visibility of remote access activities to optimize detection of adversarial events.
  • Ensure and implement strong security controls and counter-measures to all existing cloud environments and remote-access enabled interfaces.
  • Deploy a robust security framework around the migration and implementation of new cloud workloads.
  • Stress-test configurations and enhance the protection of the traditional perimeter, such as VPN and virtual desktop infrastructure, and the network perimeter that exists when employees bring their own devices to connect to company networks, for example.
  • Optimize security around messaging and communication applications such as video conferencing, email and instant messaging.

Treatment plans

Different organisations will be at different stages in their cyber security evolution. They key is to cover all bases to foil even the most advanced attacks.

VBR’s cyber specialists have developed a range of “treatments” to help companies of all sizes address their security challenges, from evaluation of the current security status through to protection of data from advanced attacks.

This multi-layered approach to security, which Oren calls “Defence in Depth”, is designed to sure up defences at all access points, be they user, host or network.

There are four key treatments:

  1. An evaluation tool to provide a quantitative estimate of a company’s current remote access security status including VPNs, virtual desktops and apps, remote desktops and cloud access;
  2. An advanced “Quick Cyber Security Assessment” tool to assess information security programme status including policy and standards, threat intelligence and vendor management;
  3. A treatment plan tailored to an organisation’s specific cyber security needs;
  4. A virtual Chief Information Security Officer (vCISO) to manage cyber security on a customisable, scalable basis.

What can you do today?

Cyber security is becoming ever more complex. It must address new ways of working and defend against increasingly sophisticated cyber criminals. However, there are some simple steps employees and companies can implement immediately to foil hackers. Oren recommends the following:

Strengthen your password/s

A strong password is critical. Two-factor authentication apps / using one-time password sent to your mobile phone via an SMS message is highly recommended.

Lock your idle system

Automatic locking your system when idle reduces the cyber threat when you are not using your device. Select the shortest time possible.

Don’t connect to random insecure WiFi

Choose VPN or cellular networks instead. If you can only connect from the home WiFi network, make sure the network is private and that a complex password is defined that is not the manufacturer’s default.

Secure your home router

Home router security is weak and easy to breach. Increase protection with updates, a strong password and cloud-driven “umbrella” or open enterprise network security (Open DNS).

Create a wall of defence

Security teams should define automatic software updates in the operating system every two months as a minimum and make sure remote workers have up to date antivirus and firewall software enabled on their home computers.

Be alert

Employees should be constantly alert to phishing such as emails purporting to be from reputable companies in order to induce individuals to reveal personal information. Employees should also inform authorised persons in the organisation of any suspicious or abnormal event.

With cyber threats increasing, a few simple steps today, together with the adoption of a step-by-step security treatment plan, with regular updates and improvements, will protect your organisation and its remote workers from attack.

Resources are being stretched to the limit during the pandemic but failing to invest in adequate security during the remote working revolution could prove a costly error.

I originally wrote this article for Praxity Global Alliance, the world’s largest alliance of independent accounting and consulting firms. I have updated it for my website.