Many of us are still working from home at the moment, and even with restrictions being eased over the next few months, most organisations are looking at permanent home working or at least a hybrid model. Hackers are of course adapting to this new model, and it opens up a whole new wave of potential targets with every organisation needing a way to allow staff to access their email and internal documents remotely. We can see this with the Microsoft Exchange cyber attacks that are happening right now, which I’ve posted about here. This shows that cybercriminals and nation state attackers are adapting their methods to target widely used systems that if successfully exploited can give the hackers access to corporate email or even the entire network. Perhaps you haven’t been targeted by a cyber attack during the pandemic, but the attacks are ramping up fast and if you’re planning on enabling staff to work from home on a more permanent basis, it’s definitely time to start thinking about how cybercriminals are targeting you and how best to adapt your cyber defences.
Working from home has accelerated the need for BYOD and/or providing more corporate laptops and mobiles. This provides even more of a ‘surface area’ for criminals to target, with each of these devices becoming a potential way of breaching the perimeter. There’s a strong chance these devices aren’t configured securely or with effective anti-virus. Falanx provide a highly-effective, yet highly-affordable, M-EDR (Managed Endpoint Detection and Response) service which works alongside your existing anti-virus to provide much more effective protection against attacks targeting these devices. For more information on this service please see our M-EDR (Managed Endpoint Detection and Response) service page.
Another point to consider is with staff members working from home they are all connecting through their own home Wi-Fi connections. Usually the office would be set up with its own secure corporate Wi-Fi that would have been configured by IT and perhaps penetration tested, but suddenly we have hundreds of different Wi-Fi network configurations set up by staff who likely have very little knowledge of security, and in most cases have not been provided with any advice by the organisation on how to set up their wireless router securely. It may seem unlikely, but how hard would it be for a determined attacker to discover the home address of a staff member by finding them on LinkedIn, and then using 192.com to identify their address. They could then attempt to hack their home wireless network, which I demonstrated on the Channel 4 show “Joe Lycett’s Got Your Back”. With access to a staff member’s home Wi-Fi, it’s only one more step to compromise the data on the laptop and the connections to the corporate network.
Contact us for more information on our M-EDR service or any other of our cyber-security services to help you protect against cyber attacks targeting your home workers.