Cyber Threats and 10 Steps to Make Your Remote Work Secure
Understanding the types of cyber threats, cybersecurity awareness, and following 10 critical steps will help you and your sensitive data stay secure while working remotely.
Over the past year, many organizations have made the transition to a remote workforce or a hybrid of remote and on-site workers. Most of these businesses will continue with a remote or hybrid workforce as they forge forward through this digital age.
Cybercriminals continue to increase their efforts as technology continues to evolve. With cyberattacks occurring every 11 seconds around the world, cybercriminals have turned their focus to small and medium-sized businesses (SMBs) for many reasons. All companies, no matter the size or location, are targets for cyberattacks.
The Increase of Cybercriminal Activity
Over the past couple of years, cybercrimes have increased for businesses of all sizes, in all locations, and in all industries. No organization is completely safe from being breached.
Companies like eBay, Equifax, Marriott International, Yahoo, T-Mobile, Home Depot, JP Morgan Chase, and Target are just a few examples of companies that have been breached recently.
For companies that don’t have a robust security program in place, it can take 6 months, on average, to detect a data breach. Malicious hackers are now attacking computers and networks at a rate of one attack every 39 seconds. New statistics keep producing startling figures, including:
- 70% of all data breaches happen to small and mid-size businesses.
- 39% of global data breaches caused by malware were ransomware.
- 58% of SMBs have experienced a data breach in the last 12 months.
There are many reasons why cyberattacks are on the rise; the following are just a few of them:
- Increased Attack Surfaces – This includes smartphones, tablets, and the Internet of Things (IoT), where the default settings on devices and appliances have not been changed.
- Lack of training – Many employees don’t know how to identify risks. Cybersecurity Awareness Training is needed for all staff members.
- Insider Threats – These can be malicious or accidental. Any employee, current or former, and anyone with access to your systems are insider threats.
- Shortage of Cyber Professionals – There’s a huge gap between the demand for cybersecurity professionals and a short supply of available experts.
- Paralysis – By not doing anything, you are at risk. Cybercriminals are aware that smaller businesses feel they don’t have anything hackers want, and they know a lot of companies are simply not doing anything or not doing enough to protect themselves.
- Cybercrime is a Growth Business – Hackers are entrepreneurs, and they are legit businesses. Very sophisticated organizations with hundreds of employees are now involved in cybercrime and evolve with the market.
Types of Threats
There are many cyber threats to be aware of, but the more common threats include:
- Malware – Software that is designed to gain unauthorized access or to cause damage to a computer.
- Ransomware – A type of malicious software designed to extort money by blocking access to files or the computer system until the ransom is paid. Paying the ransom does not guarantee that the files will be recovered or the system restored.
- Phishing – The practice of sending fraudulent emails that resemble emails from reputable sources. The aim is to get you to do something (open an attachment, click a link, give sensitive data like credit card numbers and login information). It’s the most common type of cyberattack.
- Cryptojacking – The unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads crypto mining code on the computer, or by infecting a website or online ad with JavaScript code that auto executes once loaded in the victim’s browser.
- Zero Day – An attack that takes advantage of a security vulnerability before the vulnerability becomes generally known. There are zero days between the time the vulnerability is discovered and the first attack.
- Social Engineering – This is a tactic that adversaries use to trick you into revealing sensitive information. They can solicit a monetary payment or gain access to your confidential data. Social engineering can be combined with any of the threats listed above to make you more likely to click on links, download malware, or trust the malicious source.
10 Steps to Make Remote Work Secure
If your organization is transitioning to work from home, the following 10 steps can help you and your staff with the process to make your experience more secure and reliable.
- Install Updates – Check that your computer has all the latest updates and patches installed. Many vulnerabilities exist in out-of-date software and are the perfect entry-point for a hacker. You must protect the data that you are entrusted to access. Keep it safe by ensuring your software is up to date.
- Install and Update Antivirus and Anti-Malware Tools – Ensure that your computer has the latest antivirus and anti-malware software installed. These tools are highly valuable and are designed to reduce risk and keep your computer safe from threat actors that want access to your company’s data.
- Always use the Virtual Private Network (VPN) – A VPN allows you to create a secure connection to another network over the Internet. A VPN creates an encrypted tunnel between you and a remote server, and all your Internet traffic is routed through this tunnel, so your data is secure from prying eyes along the way.
- Separate Your Network – Connect your computer to a different network than the rest of your remote location. It may be as simple as using the company VPN to create that secure connection. If your mobile data plan allows for unlimited data, consider using the hotspot on your phone instead of a guest network or your home network.
- Password Protect and Lock Your Computer – Always password protect your computer and lock the computer when you are not using it. Please remember that your company computer is for business use only. While it might be convenient to check the news or order takeout, please limit personal use and do not allow friends and family to use your work computer.
- Create a Different User Account for Family and/or Friends – If you use your personal computer for remote work, create a separate user profile for yourself that is different from your family members or friends.
- Create Unique and Complex Passwords – Always create unique and complex passwords for each account. Make each password at least 12 to 14 characters in length, using a combination of uppercase and lowercase letters, numbers, and special characters. Don’t share or save the passwords on the computer. Also, use multi-factor authentication (MFA) where it is offered.
- Use the Latest Internet Browser – Use the latest Internet browser such as Mozilla Firefox, Google Chrome, or Microsoft Edge. Outdated browsers can contain vulnerabilities that can open you up to a variety of cyberattacks, ultimately leaving company data exposed.
- Be Careful What You Click On – Cybercriminals are looking to take advantage of you when you least expect it. Therefore, be careful which link you click on or attachment you open. Mouse over the link and see where it wants to take you. Check the actual spelling of the domain, looking for anything unusual.
- Back Up Your Data Regularly and Check the Backup – Ensure that you back up your data on a regular basis and check the backup. The purpose of the backup is to create a copy of data that can be recovered in the event of a primary data failure. Primary data failures can be the result of hardware or software failure, data corruption, or a human-caused event, such as a malicious attack (virus or malware) or accidental deletion of data. Backup copies allow data to be restored from an earlier point in time to help the business recover from an unplanned event.
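The link check described under "Be Careful What You Click On" can be automated for an HTML message body. The following is an added example, not part of the original article: it compares each link's visible text with its real destination and flags near-miss spellings. The trusted domain list, the sample message, and the function names are assumptions made for illustration.

```python
from difflib import get_close_matches
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("example.com", "example-bank.com")  # assumption: domains you really use
# Constructed sample message body (not taken from the article).
SAMPLE = """<a href="https://examp1e.com/login">https://example.com/login</a>
<a href="https://www.example.com/help">Help center</a>
<a href="http://xn--exmple-cua.com/">Reset password</a>"""

def base(text):
    """Last two hostname labels of a URL or bare domain; '' if text is not one."""
    # Simplification: a real tool would consult the Public Suffix List.
    text = text.strip()
    host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    return ".".join(host.split(".")[-2:]) if "." in host and " " not in host else ""

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text), self._href))
            self._href = None

def review_links(html):
    """Return [(href, [warnings])] for every link in an HTML message body."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for text, href in parser.links:
        real, shown, notes = base(href), base(text), []
        if shown and shown != real:  # what you read is not where you go
            notes.append("visible text names a different domain")
        if "xn--" in real:  # punycode can hide look-alike characters
            notes.append("punycode (internationalized) hostname")
        if real not in TRUSTED:  # close to, but not exactly, a trusted name
            close = get_close_matches(real, TRUSTED, n=1, cutoff=0.85)
            notes += [f"near-miss spelling of {d}" for d in close]
        report.append((href, notes))
    return report
```

Calling `review_links(SAMPLE)` flags the first link twice (mismatched text and a near-miss of `example.com`), passes the second, and flags the third as punycode.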
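One way to "check the backup" from the last step is to compare file hashes between the original folder and the backup copy. This is an added example, not part of the original article; the folder names and file contents in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    result = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):  # 1 MiB at a time
                digest.update(chunk)
        result[path.relative_to(root).as_posix()] = digest.hexdigest()
    return result

def check_backup(source, backup):
    """Compare a backup against its source; return what a restore would get wrong."""
    src, bak = manifest(source), manifest(backup)
    return {
        "missing": sorted(src.keys() - bak.keys()),    # never copied
        "different": sorted(f for f in src.keys() & bak.keys() if src[f] != bak[f]),
        "extra": sorted(bak.keys() - src.keys()),      # present in the backup only
    }

def demo():
    """Build a constructed source/backup pair with one missing and one damaged file."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "documents"), Path(tmp, "backup")
        for root in (src, bak):
            (root / "reports").mkdir(parents=True)
        (src / "budget.xlsx").write_bytes(b"q1,q2,q3\n")
        (bak / "budget.xlsx").write_bytes(b"q1,q2,q3\n")            # good copy
        (src / "reports" / "plan.txt").write_bytes(b"final version\n")
        (bak / "reports" / "plan.txt").write_bytes(b"final vers")   # truncated copy
        (src / "contacts.csv").write_bytes(b"name,email\n")         # never backed up
        return check_backup(src, bak)
```

Run the comparison right after a backup completes; files edited since then will legitimately show up as different.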
Hammer IT Consulting, Inc.
Dr. Bennet Hammer is the Founder and President of Hammer IT Consulting, Inc., an IT and Security Consulting Company. Dr. Hammer earned a doctorate degree in Information Systems with a concentration in Information Security.
Hammer IT Consulting, Inc., provides IT hardware, security software, and security services solutions to State and Local Governments, Higher Education, K-12, Healthcare, and corporate entities throughout the United States.
For more information on our cybersecurity services and solutions, reach out to us by calling (833) 426-6374. You can also send an email over to info@hammeritconsulting.com.