The ongoing pandemic and changes to workplace setups mean that in 2022, working from home is increasingly becoming normal. However, remote working presents a series of challenges and risks. Even if you are partnered with a Managed Service Provider such as Milnsbridge IT, your home network and the devices on it may not be secure. Many small businesses transitioned to work from home arrangements during the lockdown, dramatically reducing the number of people doing the daily commute to the Sydney CBD. In response, Milnsbridge has prepared a guide to common weaknesses and security risks when working from home.
Home network vulnerabilities
Work from home (WFH) in a lockdown means that, most likely, every member of your household will also be home, using their devices on your home network. Even if your work device is protected by Milnsbridge Managed IT Services, your home office network may be unsecured and open to threats. Threats to your home network can arise in several ways, so here are some examples to be mindful of:
- Compromised devices on your network – Other people on your network may have their devices unwittingly compromised through malicious emails and other types of cybercrime. From there, an entire home network can easily be compromised, which could jeopardise your sensitive company data and your ability to work from home.
- Potential solutions – Whilst your work device is protected by Milnsbridge, it is good to be mindful of the potential risks of working from home and not to become complacent as the lines between private browsing and work browsing inevitably blur. To ensure the best protection we use and recommend SentinelOne Endpoint Security, which uses AI technology to protect against both known and unknown threats.
- Wi-Fi vulnerabilities – Another common tactic used by hackers is to compromise connected devices by accessing home Wi-Fi networks. Your Wi-Fi password might be short and simple so that it is easy to remember. However, if it is not complex (upper/lowercase, special characters, mix of letters) your password can easily be guessed and a hacker can sit dormant in your home network. Similarly, when working remotely in any environment that has public Wi-Fi, it is important to be mindful that these environments are ideal for hackers to compromise devices and collect confidential information.
- Potential solutions – To avoid your work device and data being compromised, be mindful of Wi-Fi vulnerabilities such as weak, easy-to-guess passwords. Similarly, be mindful of the dangers of using unprotected public Wi-Fi networks when doing work, banking or any other important tasks. In addition to stronger Wi-Fi security, it is strongly recommended to use a secure VPN service on your work device, such as a FortiGate VPN system, to isolate your device from the rest of the home network when communicating with business IT infrastructure.
Be Aware of Phishing Tactics
Hackers are aware of the huge shift to working from home and have adjusted their tactics to our new flexible work arrangements. Phishing relies on social engineering and human error, and phishing scams have taken advantage of people who are far removed from their offices and workspaces and unable to drop in or meet in person.
Types of Phishing Attacks
- Financial scams – Phishing emails claiming to sell facemasks, vaccines and other pandemic-related equipment surged in the last year. In other cases, email scams pose as charities or the World Health Organisation (WHO). Under this guise, the email will ask for donations to be made to a Bitcoin wallet.
- Covid-themed phishing – People are heavily reliant on online communication, particularly in a lockdown. Two interesting phishing tactics have emerged from this trend. The first is malicious emails posing as official government sources sending out important Covid-related information. The second is an SMS-based phishing attack, in which hackers purport to be the government and include a malicious link for Covid info and testing.
- Social engineering – Working from home means reduced contact with your team. Hackers have taken advantage of this and have been using email spoofing to phish users. The hacker can hijack an email account of someone within your organisation and begin to send malicious emails. Recipients are more likely to open and trust the email as it has seemingly come from you. This type of phishing campaign has resurfaced with a number of people now working remotely and communicating largely by email.
- Solutions – Be mindful that phishing attacks can happen anywhere at any time, and stay vigilant. If an email sounds suspicious, call or reach out to the person through another channel to confirm it’s them. You can also read up about spotting phishing scams, avoiding scams and spotting scams.
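Some of the signs of a spoofed internal sender described above can be checked automatically from the message headers. The following Python sketch is an added example, not part of the Milnsbridge guide; `example.com` is a placeholder for your organisation's domain and the sample message is constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"  # assumption: placeholder for your organisation's domain

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def spoofing_indicators(raw_message, trusted_domain=TRUSTED_DOMAIN):
    """List the reasons a message that appears to be internal looks spoofed."""
    msg = message_from_string(raw_message)
    reasons = []
    from_domain = domain_of(msg.get("From"))
    display_name, _ = parseaddr(msg.get("From", ""))
    # A display name that shows one address while the real sender is another.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display_name)
    if shown and shown.group(1).lower() != from_domain:
        reasons.append("display name shows a different address than the sender")
    if from_domain != trusted_domain:
        return reasons  # not claiming an internal address; checks below do not apply
    # SPF/DKIM/DMARC verdicts stamped by the receiving mail server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        verdict = re.search(rf"\b{mech}=(\w+)", auth)
        if verdict is None or verdict.group(1) != "pass":
            reasons.append(f"{mech} did not pass")
    # Replies or bounces routed to a different domain than the visible sender.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg.get(header))
        if other and other != from_domain:
            reasons.append(f"{header} points to {other}")
    return reasons

# Constructed sample: claims to be internal, fails authentication, diverts replies.
SPOOFED = (
    'From: "Jane Doe" <jane@example.com>\n'
    "Reply-To: jane@evil.test\n"
    "Return-Path: <bounce@evil.test>\n"
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=evil.test;"
    " dkim=none; dmarc=fail header.from=example.com\n"
    "Subject: Urgent invoice\n\nPlease pay today.\n"
)

if __name__ == "__main__":
    for reason in spoofing_indicators(SPOOFED):
        print("suspicious:", reason)
```

A message sent from a genuinely hijacked mailbox passes all of these checks, which is why confirming through another channel remains necessary.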
Working from personal devices
Snap lockdowns during the Covid-19 pandemic are unforeseeable and often leave businesses scrambling to effectively move to a remote environment. Whilst other threats such as network vulnerabilities and phishing scams can be concerning, the biggest risk of working from home is working from a personal device.
Even though your work device may be protected, the personal device you keep at home is not. Working from it blurs the lines between personal browsing/leisure and sensitive business data handling. If work devices cannot be taken home and working from a personal device is imperative, a VPN (Virtual Private Network) and cyber security awareness are the next best practices.
The Essential Eight
The Australian Cyber Security Centre has recently published a series of baseline mitigation strategies. This report includes recommendations for managers and owners to implement into their work environment to mitigate cybercrime. Some of these recommendations include:
- Restricting admin privileges – Admin accounts are the ‘keys to the kingdom’. Cybercriminals use these accounts to acquire access to sensitive information and systems. These privileges are not always accessible to regular user accounts within a typical small business.
- Configure web browsers to block Flash/uninstall Flash – Flash, ads and Java are common ways to transmit web-borne viruses. From there the virus can execute malicious code and activities on the device. Having your devices managed by an MSP should ensure these vulnerabilities are eliminated and not allowed to compromise your security.
- Consider multi-factor authentication – Strong authentication for user systems, VPNs and high-privilege tasks can reduce the chance of cybercriminals compromising your systems and devices. We recommend using Duo for authentication services, which can be managed and administered by your MSP.
You can read more recommendations from the Essential Eight here.
Flexible work from home can be tough and may present a number of challenges, but it can also improve your work-life balance when the office day no longer has fixed work hours. It's now been some time since many Administrative Assistants, Call Centre and Customer Service staff began remote work from home in Sydney NSW, but a return to the offices is beginning to occur. Although most workers work full time, they are only returning for a few days a week under the new hybrid working mode.
When you partner with Milnsbridge Managed IT Services, we act as your virtual assistant. You can be assured of the best customer service, and that both your team and your IT are safe onsite and when working remotely. To discuss working from home remote solutions or Managed Services, call Milnsbridge now on 1300 300 293.