How To Close The Biggest Gateways For Cybercriminals In The Home Office
The new world of work offers cybercriminals many points of attack. They use inadequate security precautions and insecure employees to infiltrate systems and steal confidential data. What are the main gateways, and how can companies best close them?
New applications and processes in the home office have unsettled many employees – cyber criminals are trying to exploit this situation in a targeted manner and trick them into disclosing confidential information or clicking on links and file attachments. In addition, the technical difficulties that many companies have in securing computers outside of the protected company network open up new attack opportunities for cybercriminals.
The most important gateway for attackers, regardless of the home office, are vulnerabilities in operating systems and applications. Almost every malware and infected website use software leaks to infect systems. However, the problem has worsened for companies with the introduction of home offices because they often find it difficult to provide security updates and patches to computers outside their infrastructure. Some systems no longer have any connection to the company network and are inaccessible to them. Others are connected via a VPN, quickly overloaded by larger software packages that may have to be distributed to hundreds of employees. The consequence: Computers in the home office are often not up to date and are therefore highly endangered.
Tip: Companies should rely on endpoint management that allows them access to systems regardless of location and connection to the company network.
Phishing emails and spreading malware via email are classics in cybercriminals’ toolbox and have become even more popular during the Corona period. On the one hand, the security solutions on company computers in the home office are sometimes only updated irregularly, or employees work with personal devices that are usually less well protected than company PCs. On the other hand, because the coordination effort in the home office is greater than in the office and many agreements are made by email, it is easier for attackers to foist fake emails on their victims.
Tip: Companies must ensure that security solutions on computers in the home office are always up to date and that personal devices used for work do not fall below a certain security level. Modern endpoint management helps with both. With training, you can also raise the security awareness of your employees and train them in the correct handling of phishing and malware emails.
Working from home is a new and unfamiliar situation for many employees. If they have not received specific instructions from their employer on handling data, applications and systems and if new processes have not been adequately explained, this can unsettle them. They are easier to trick and may not adequately question emails with dubious instructions or calls from supposed support technicians. Since employees have less direct contact with colleagues, they also lack direct opportunities for queries.
Tip: With binding rules and agreements, companies take away a large part of the insecurity of their employees and prevent them from accidentally endangering IT security or data protection. They should also specify communication channels and contact persons so that processes are regulated, and employees do not fall for email scammers and scam calls.
Many employees use a WLAN connection in the home office to work at the kitchen or living room table without the hassle of cables. They have often never changed their router’s WiFi password or are using a wireless network with no or outdated encryption. Doing so endangers company data because third parties can clip into the communication unnoticed – especially if no VPN is used or only certain connections are routed through the VPN tunnel.
Tip: Employees should set up WLAN encryption with WPA3 (or at least WPA2) and ideally update their router’s firmware and protect access to the device with a strong password.
Poorly Secured Access
In everyday work, employees usually have to deal with many complex passwords. Working from home has brought new access, for example, to VPNs, video conferencing tools and online storage for exchanging data with colleagues. This increases the risk that employees will resort to simple passwords or use passwords more than once – and thus make work easier for cybercriminals.
Tip: With a password manager or, even better, two-factor authentication, companies can make it much easier for their employees to deal with passwords and better protect all access to the company network, applications and online services.