With the high prevalence of cybercrimes and the accompanying havocs, the need to observe cybersecurity best practices for devices, networks, information, and data is highly paramount.??
According to a post published by CNBC Make It, companies such as Yahoo, Veeam, Marriott, and some others have recorded a whooping figure of about 6.4 billion records hacked over the last decade. This leads top organizations and companies in investing on security best practices. For instance, Mircosoft Corporation pumps over $1 billion in combating cyber-attacks through researches and developments yearly as mentioned by a top executive of the company.??
Unfortunately, the number of successful cyber attacks would continually increase. This is not limited to, but largely as a result of much influx of remote jobs and workers using the cloud in recent times. This is evident as a poling conducted between 30th, march – 2nd, April shows an increase in the number of U.S remote workers to about 57%.? However many do not make use of security best practices to combat cyber attacks.
Common Types Of Cyberattacks on Remote Workers:
Successful attacks could be as a result of the company’s or sometimes the worker’s negligence. Main types of cyber attacks on remote workers are:
Attack Via Team Collaboration:
Regardless of the high rate of productivity derived from team collaboration, when using collaboration workspace or platform, it’s paramount for the team to observe security best practices. Some of these collaboration platforms are Zoom, Slack, google drive/docs, Microsoft OneDrive. The platform aid interactions amidst remote workers. However, apart from information leaking through an unfaithful member of the team, it could be leaked by the negligence of a team member. This could be as a result of working from an unsafe connection, device, or multiple devices. Therefore, penetration occurs through the weakest link.
When a network connection between the remote worker(s) and employer (company) is not secured, it is not obeying security best practices. The use of strong firewalls and VPN by a company is important. This encrypts and protects the connection between the worker and the employer. An antivirus should also be installed for both parties.
Verizon after conducting an investigation in 2019, states that about 30% of the data breaches involved phishing, though in various forms. Phishing occurs when a hacker uses the identity of an individual or an organization you trust to acquire information from you. The information range from individual personal details to financial details.?
Unfortunately, the advancement of hackers in the use of phishing methods is of great demerit to remote workers. This is done by sending text messages and emails, but not limited to that. Therefore, with most companies workers working from home, especially during a pandemic period like this-COVID-19, there is an increase in phishing, as network best security practices are not kept optimally. The mode of interaction between some companies and their employees is through emails and texts, giving an avenue for phishing.
Some of the signs that indicate a text message or email could be a phishing attack are:
- A high level of urgency it portrait.
- A highly lucrative or attractive offer contained in it.
- An unsecured link attached.
- Personal information requested.
- Unusual tone or sender.
IP Spoofing (Man In The Middle Attack):
In a situation of Man in the Middle attack, there is a breach between the user and the server. Common examples are session hijack, replay, and IP spoofing. Albeit, the latter is very common as the hacker inserts a fake address into the IP address. While it shows the original and trusted address, it ends with another link. Unfortunately, many remote workers do not observe this. Therefore, making the interaction look as if it is a true communication is occurring.
Effective Cybersecurity Best Practices:
Since remote jobs usually involve a service provider and an employer, the success of cybersecurity best practices?relies on both parties.
Practices for The Employers:
- Training Sessions should be conducted on a regular basis by the company to enlighten the workers on using the best security practices.
- A secured network setup and cloud based system should be put in place.
- Encryption of documents is very vital.
- Two step verification should be enabled.
- Install a CAPTCHA system.
- Setup an Advance Threat Protection When hosting a team collaboration.
- Protect cloud infrastructures with an organization like AWS cloud security.
Practices for Remote Workers:
- Encrypt documents while communicating with the employer.
- Setup two-step verification
- Use safe devices and use incognito mode while using other’s devices.
- Change and create strong passwords periodically
- Do not response to suspicious mails
- Check every time if the website is secured. Sites with http// are not secured.
For any of the following not available, it is important to discuss with the employer.
It is important to note that one or multiple attack types could be combined together to perpetrate evil by cybercriminals. Using the best security practices will prevent you from successful cyberattacks while you work remotely. This in turn increases your productivity and the gain of your employers.