Being secure means being prepared, so in this article we've broken down the major risks and key tips related to your cybersecurity posture under remote working conditions.
Social Engineering: In reality, the major cybersecurity risks at home are not much different than those at work, they're simply amplified. As we've covered extensively in
recent articles, the number one threat to your organization's security remains social engineering. With the proliferation of online communication, this attack
vector has grown tremendously. Now, along with phishing and vishing, we find SMSishing, spear phishing, and whaling. As our personal lives become increasingly
accessible through social media, google searches, and data breaches, hackers are now able to craft highly tailored social attacks in a matter of minutes.
Mitigation Tips: Social engineering is a human weakness, and therefore must be solved with human measures. First and foremost, this means regular employee
trainings and workshops. Once employees learn to spot the tell-tale signs of a social attack, the risk becomes radically reduced. Secondly, interdepartmental
collaboration is key to creating a company-wide awareness and provide solutions such as a dedicated communication channel for employees with any security-related
questions or who'd like to report an incident. Finally, enabling Multi-Factor Authentication across all relevant applications is in many ways the easiest and
quickest way to reduce your organization's social engineering risk.
Weak passwords: they remain a significant risk for both on-site and remote workers. Employees often reuse the same password for multiple accounts or even leave
the default credentials in place. At Silent Breach, we've found that credentials that have been on the Dark Web for years are still in use throughout large
corporations. Furthermore, through our physical penetration tests, we've found that office employees still continue to write down their credentials on a post-it
note that is taped to their computer monitor. While working at home, there is the increased risk of the note becoming visible during a video conference or to
cohabitants with access to your home office space.
Mitigation Tips: As with social engineering, enabling MFA is a great first step to help mitigate risks arising from weak password security. Secondly, a number of
password management services have become available over the last few years that help you create a unique and complex password for each of your accounts, and then
safely store those credentials for future use. Finally, the use of passphrases (a string of unrelated words) is now the preferred format for secure password
creation. This is based on the idea that humans are better than computers at processing semantic content, but we have trouble remembering strings of unrelated
Outdated software: Many people continue to use outdated software for personal use. As we become increasingly reliant on third-party applications, the risk of one of these
platforms being breached must be factored into your security posture. Limiting the number of external tools can often be difficult as companies move to cloud and
SaaS solutions, and becomes near impossible during remote working conditions.
Mitigation Tips: Ensure that all systems are running on their latest versions. Enabling automatic updates is usually best practice, wherever feasible. Finally, be
aware of all the devices that are connected to your home network. This may include: baby monitors, TVs, smart home devices, and even your car. Perform regular
checks to make sure these systems are up-to-date and password protected.
At the end of the day, organizational security will never be contained in a single solution, nor can it be implemented by a single team. Now, more than ever, basic
security hygiene must be propagated throughout the entire organization if it is to remain effective. Let us know if you have any recommendations that we've left
out, or if you'd like help implementing any of these measures in your organization.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.