An unfortunate reality of employees working from home is the increased risk of cyberattacks on businesses. In the wake of the coronavirus pandemic, experts are warning that businesses who are implementing remote workplaces will become more vulnerable to attacks.4 This is due to the reduced level of cybersecurity that businesses and employees have when they work outside of the office environment.
1. Coronavirus phishing emails: hackers posing as authorities, such as government or multinational organisations, are taking advantage of business anxiety. In the UK, victims have already been scammed out of AUD$1.6 million due to Coronavirus scams.5 To mitigate this risk, ensure you inform your employees about safe email protocols. Further, implementing the ACSC Essential 8 strategies will dramatically reduce the threat – even if an employee accidentally opens a spam email.
2. Fake Coronavirus websites: with people searching for information online, there has been a dramatic increase in fake websites designed to trick victims into downloading malware.6 Implementing Application Hardening and application Control, along with employee training, will mitigate this risk.
3. Password vulnerability: as 61% of people use the same password7 for a wide range of logins, this hacking strategy becomes even more vulnerable for people working remotely on their private devices. Multi-Factor Authentication and employee training can stop hackers from leveraging stolen passwords and protect company data.
4. Session hijacking: this is when a hacker manages to substitute its own IP address for a client’s IP address, resulting in the hacker becoming the ‘middle-man’ between the client and the network server. When working from home, computers without the right cybersecurity protections can become more vulnerable and thus, it is easier for hackers to take control. Implementing Next-Generation Antivirus systems can reduce the likelihood of an attack.
5. Internal hackers: Unfortunately, 34% of all cyberattacks are instigated by malicious insiders8 and remote working means there are more opportunities for this to occur. Ensuring Restrictive Administration Privileges, as well as employee training, are the best ways to protect against internal threats.