Home working and cyber security are a difficult partnership, as highlighted by the BBC this week.
We deal with companies on a daily basis that are facing the challenges of supporting a remote workforce, and have noticed the most common mistakes are:
- Insecure connections to the work network – usually not using multi-factor authentication
- Lack of staff training in cyber security, or a reliance on e-learning that staff do not engage with
- No advice to staff on how to secure their home Wi-Fi networks
- Staff using personal devices for their work
- Phishing attacks designed to target home workers, which defeat cyber defences and infect staff with ransomware or trick them into making money transfers.
Much as we may claim people can work from home effectively, communication between staff is significantly less frequent, and also just not as effective, over Zoom, Teams, Slack or whatever you are choosing to use. Staff are likely not raising cyber security issues as often, and it is harder to see when an attack is targeting multiple staff. The use of personal devices and home Wi-Fi setups allows hackers many potential avenues of attack, as these will not be configured as securely as corporate-managed devices and connections.
Hackers are resourceful, but tend to go for the easiest method to breach a network. At the moment, the easiest methods are:
- Using a phishing attack to steal employees’ passwords. This will trick the employee into clicking a link they think is legitimate, but it goes to a fake website that steals their username and password. This usually targets Office 365. The hacker will then log into the real Office 365 account.
- Hackers gain access to your network through weak passwords, most likely through an employee re-using the same password across multiple websites. This is a hacking technique known as ‘credential stuffing’ and is easily prevented by multi-factor authentication.
- The company uses an out-of-date VPN with vulnerabilities that a hacker can exploit to gain access.
- A third-party supplier or client has their email or network compromised, and this is used to attack your network through phishing and other attacks.
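Because an attack spread across several home workers is harder to spot from conversation alone, the sign-in log is where credential stuffing shows up. The following is an added example, not part of the original article: it flags any source address that fails sign-ins against several different staff accounts, and lists accounts that the same source then signed in to without multi-factor authentication. The event field names, the sample events and the threshold of three accounts are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample sign-in events (not real logs). Field names are assumed:
# "ok" = sign-in completed, "mfa" = multi-factor authentication was satisfied.
SAMPLE_EVENTS = [
    {"user": "alice", "ip": "203.0.113.7",   "ok": False, "mfa": False},
    {"user": "bob",   "ip": "203.0.113.7",   "ok": False, "mfa": False},
    {"user": "carol", "ip": "203.0.113.7",   "ok": False, "mfa": False},
    {"user": "dave",  "ip": "203.0.113.7",   "ok": False, "mfa": False},
    {"user": "erin",  "ip": "203.0.113.7",   "ok": True,  "mfa": False},
    # A home worker mistyping a password once, then signing in with MFA.
    {"user": "alice", "ip": "198.51.100.20", "ok": False, "mfa": False},
    {"user": "alice", "ip": "198.51.100.20", "ok": True,  "mfa": True},
]


def find_credential_stuffing(events, min_accounts=3):
    """Return one finding per source IP that failed against many accounts.

    A single user failing repeatedly looks like a forgotten password; one
    source failing against many different users looks like reused passwords
    being tried in bulk, so the count is over distinct accounts.
    """
    failed = defaultdict(set)      # ip -> accounts with failed sign-ins
    succeeded = defaultdict(list)  # ip -> [(account, mfa_satisfied), ...]
    for event in events:
        if event["ok"]:
            succeeded[event["ip"]].append((event["user"], event["mfa"]))
        else:
            failed[event["ip"]].add(event["user"])

    findings = []
    for ip, accounts in sorted(failed.items()):
        if len(accounts) < min_accounts:
            continue
        # Accounts this source got into with a password alone need a reset
        # and MFA enrolment first.
        no_mfa = sorted({user for user, mfa in succeeded[ip] if not mfa})
        findings.append({
            "ip": ip,
            "accounts_tried": sorted(accounts),
            "signed_in_without_mfa": no_mfa,
        })
    return findings


if __name__ == "__main__":
    for finding in find_credential_stuffing(SAMPLE_EVENTS):
        print(finding)
```
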
As a cyber-security services provider, naturally we would want to ensure that you didn’t suffer a data breach. Falanx is able to help protect you using our Detection in Depth approach. Combining Artificial Intelligence-powered technology and expert human analysis, our Triarii Managed Detection and Response (MDR) service can detect and alert you to any suspicious activity in real-time, giving you the assurance that your data is protected against unauthorised access. Alternatively, our Managed Endpoint Detection and Response (EDR) service (advanced protection for endpoints – e.g. work laptops that are used from home) can be installed on devices to detect and block attacks that target your employees. We also continuously update our engaging and entertaining cyber security awareness training services, delivered live over Teams, Zoom or Google Meet, to address the security concerns of home working, focusing on what staff themselves can do to help.
So, whilst home working and cyber security are a difficult partnership, a trusted provider like Falanx Cyber can help you get it covered.
For more details on these services, please Contact Us.