New South Wales has been thrown into lockdown and stay at home orders have been put in place. Therefore, Sydneysiders have once again found themselves working from home (WFH) full time. Working from home presents a series of challenges and risks. Even if you are partnered with a Managed Service Provider such as Milnsbridge IT, your home network and the devices on it may not be secure. Many businesses have transitioned to work from home arrangements during the current Sydney lockdown. In response to this, Milnsbridge has prepared a guide of common weaknesses and risks when working from home.
Home network vulnerabilities
Working from home in a lockdown means that, most likely, every member of your household will also be home, using their devices on your household network. Even if your work device is protected by Milnsbridge IT, your home office network may be unsecured and open to threats. Threats to a home network can arise in a number of ways, so here are some examples to be mindful of:
- Compromised devices on your network – Other people on your network may have their devices unwittingly or accidentally compromised through malicious emails and other types of cybercrime. From there, an entire home network can easily be compromised, which could jeopardise your sensitive company data and your ability to work from home.
- Potential solutions – Whilst your work device is protected by Milnsbridge, it is good to be mindful of the potential risks of working from home and not to become complacent as the lines between private browsing and work browsing inevitably blur.
- Wi-Fi vulnerabilities – Another common tactic used by hackers is to compromise connected devices by accessing home Wi-Fi networks. Your Wi-Fi password might be short and simple so that it is easy to remember. However, if it is not complex (upper/lowercase, special characters, mix of letters), your password can easily be guessed and a hacker can sit dormant in your home network. Similarly, when working remotely in any environment that has public Wi-Fi, it is important to be mindful that these environments are ideal for hackers to compromise devices and collect confidential information.
- Potential solutions – To avoid your work device and data being compromised, be mindful of Wi-Fi vulnerabilities such as weak, easy-to-guess passwords. Similarly, be mindful of the dangers of using unprotected public Wi-Fi networks when doing work, banking or any other important tasks.
Be Aware of Phishing Tactics
Hackers are aware of the huge shift to working from home and have adjusted accordingly. Phishing relies on social engineering and human error, and phishing scams have taken advantage of people who are far removed from their offices and workspaces and unable to commit to in-person drop-ins or meetings.
Types of Phishing Attacks
- Financial scams – A number of phishing emails claiming to sell facemasks, vaccines and other pandemic related equipment surged in the last year. In other cases, some email scams are posing as fake charities or the World Health Organisation (WHO). Under this guise, the email will ask for donations to be made to a Bitcoin wallet.
- COVID-themed phishing – People are heavily reliant on online communication, particularly in a lockdown. Two interesting phishing tactics have emerged from this trend. The first is phishing and malicious emails posing as official government sources sending out important COVID-related information. The second is an SMS-based phishing attack, in which hackers purport to be the government and include a malicious link for COVID information and testing.
- Social engineering – Working from home means reduced contact with your team. Hackers have taken advantage of this and have been using email spoofing to phish users. The hacker can hijack an email account of someone within your organisation and begin to send malicious emails. Recipients are more likely to open and trust the email as it has seemingly come from you. This type of phishing campaign has resurfaced with a number of people now working remotely and communicating largely by email.
- Solutions – Be mindful that phishing attacks can happen anywhere at any time, and stay vigilant. If an email sounds suspicious, call or reach out to the person through another channel to confirm it’s them. You can also read up about spotting phishing scams here and here.
Working from personal devices
Snap lockdowns are unforeseeable and often leave businesses scrambling to move effectively to a remote environment. Whilst other threats such as network vulnerabilities and phishing scams can be concerning, the biggest risk of working from home is working from a personal device. Even though your work device may be protected, the personal device you keep at home is not. This practice blurs the lines between personal browsing/leisure and sensitive business data handling. If work devices cannot be taken home and working from a personal device is imperative, a VPN (Virtual Private Network) and cyber security awareness are the next best practices.
The Essential Eight
The Australian Cyber Security Centre has recently published a series of baseline mitigation strategies. This report includes recommendations for managers and owners to implement into their work environment to mitigate cybercrime. Some of these recommendations include:
- Restricting admin privileges – Admin accounts are the ‘keys to the kingdom’. Cybercriminals use these accounts to acquire access to sensitive information and systems. These privileges are not always accessible to regular user accounts within a typical organisation.
- Configure web browsers to block Flash/uninstall Flash – Flash, ads and Java are common ways to transmit web-borne viruses. From there the virus can execute malicious code and activities on the device.
- Consider multi-factor authentication – Strong authentication for user systems, VPN access and high-privilege tasks can reduce the chance of cybercriminals compromising your systems and devices.
You can read more recommendations from the Essential Eight here.
Flexible work from home can be tough and may present a number of challenges. However, when partnering with Milnsbridge IT, you can be assured of the best customer service and that both your team and your IT are safe, whether onsite or working remotely. To discuss working from home remote solutions or Managed IT, call Milnsbridge now on 1300 300 293.