Cybersecurity Survival Guide for Remote Working

COVID-19 Update

Being secure means being prepared, so in this article we've broken down the major risks and key tips related to your cybersecurity posture under remote working conditions.

Social Engineering: In reality, the major cybersecurity risks at home are not much different from those at work; they're simply amplified. As we've covered extensively in recent articles, the number one threat to your organization's security remains social engineering. With the proliferation of online communication, this attack vector has grown tremendously. Now, along with phishing and vishing, we find smishing (SMS phishing), spear phishing, and whaling. As our personal lives become increasingly accessible through social media, Google searches, and data breaches, hackers are now able to craft highly tailored social attacks in a matter of minutes.

Mitigation Tips: Social engineering is a human weakness, and therefore must be solved with human measures. First and foremost, this means regular employee trainings and workshops. Once employees learn to spot the tell-tale signs of a social attack, the risk is radically reduced. Secondly, interdepartmental collaboration is key to creating company-wide awareness and providing solutions such as a dedicated communication channel for employees who have security-related questions or who'd like to report an incident. Finally, enabling Multi-Factor Authentication (MFA) across all relevant applications is in many ways the easiest and quickest way to reduce your organization's social engineering risk.

Weak passwords: Weak passwords remain a significant risk for both on-site and remote workers. Employees often reuse the same password for multiple accounts or even leave the default credentials in place. At Silent Breach, we've found that credentials that have been on the Dark Web for years are still in use throughout large corporations. Furthermore, through our physical penetration tests, we've found that office employees still write down their credentials on a post-it note taped to their computer monitor. While working at home, there is the increased risk of the note becoming visible during a video conference or to cohabitants with access to your home office space.

Mitigation Tips: As with social engineering, enabling MFA is a great first step to help mitigate risks arising from weak password security. Secondly, a number of password management services have become available over the last few years that help you create a unique and complex password for each of your accounts, and then safely store those credentials for future use. Finally, the use of passphrases (a string of unrelated words) is now the preferred format for secure password creation. This is based on the idea that humans are better than computers at processing semantic content, but we have trouble remembering strings of unrelated characters.

Outdated software: Many people continue to use outdated software for personal use. As we become increasingly reliant on third-party applications, the risk of one of these platforms being breached must be factored into your security posture. Limiting the number of external tools can often be difficult as companies move to cloud and SaaS solutions, and becomes near impossible during remote working conditions.

Mitigation Tips: Ensure that all systems are running on their latest versions. Enabling automatic updates is usually best practice, wherever feasible. Finally, be aware of all the devices that are connected to your home network. This may include baby monitors, TVs, smart home devices, and even your car. Perform regular checks to make sure these systems are up to date and password protected.

At the end of the day, organizational security will never be contained in a single solution, nor can it be implemented by a single team. Now, more than ever, basic security hygiene must be propagated throughout the entire organization if it is to remain effective. Let us know if you have any recommendations that we've left out, or if you'd like help implementing any of these measures in your organization.

About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.