Cyber Security Risk Assessment: Threats to Remote Workers

By Shiran Grinberg

How do organizations successfully maintain a strong cyber security stance, with so many staff members working at home due to the novel coronavirus rules and regulations?

Remote workers are likely to become a growing target for cyber criminals. The following guidelines are designed to help you conduct a cyber security risk assessment and then minimize potential cyber security threats.

THE CHALLENGES OF REMOTE WORK SECURITY 

  • Unsecured Wi-Fi Networks: Most workers will be working in their homes, where they have secure Wi-Fi. However, some individuals may need to use unsecured public Wi-Fi networks, which are prime spots from which malicious parties could spy on Internet traffic and collect confidential information.

  • Using Personal Devices and Networks: Personal devices and home networks often lack the security tools that are built into business networks, such as strong antivirus software, customized firewalls, and automatic online backup tools. This increases the risk of malware finding its way into devices - meaning that potentially both personal and work-related information could be leaked.

  • Scams Targeting Remote Workers: Many employees lack remote work training and skills, leaving organizations vulnerable to malicious campaigns. We’ll no doubt see an increase in the prevalence of work-from-home scams.

CYBER SECURITY GUIDELINES & BEST PRACTICES 

  • Use Strong Passwords: It is as important as ever to ensure that all accounts are protected with strong passwords. Passwords should be unique for every account and should comprise a long string of uppercase and lowercase letters, numbers, and special characters.

  • Set Up Two-Factor Authentication: Two-factor authentication (2FA) and two-step verification (2SV) involve an additional step that adds an extra layer of protection to your accounts.

  • Use a VPN: Using a virtual private network (VPN) can slow down Internet speeds; keep this in mind if you need to perform high-bandwidth tasks such as holding video conference calls.

  • Set Up Firewalls: Your device’s operating system typically will have a built-in firewall. In addition, hardware firewalls are built into many routers. Make sure that yours are enabled.

  • Use Antivirus Software: Even if malware does manage to find its way onto your device, an antivirus may be able to detect it, and in some cases the antivirus may remove it.

  • Secure Your Home Router: It’s important to take simple steps to protect your home network and prevent malicious parties from gaining access to connected devices. Changing your router password is a good first step, but there are other actions you can take. For example, make sure firmware updates are installed so that security vulnerabilities can be patched. The encryption should be set to WPA2 or WPA3. Restrict inbound and outbound traffic. Use the highest level of encryption available and switch off WPS.
  • Install Updates Regularly: Updates often include patches for security vulnerabilities that have been uncovered since the last iteration of the software was released.

  • Back Up Your Data: Data can be lost in a number of ways, including human error, physical damage to hardware, or a cyber attack. Ransomware and other types of malware can wipe out entire systems without you having a chance to spot it. Make sure to back up your data either on the organization’s cloud or on dedicated hardware.

  • Look Out for Phishing Emails and Sites: Phishing emails, as well as voicemails (vishing) and text messages (smishing) are used by cyber criminals to “phish” for information. This information is usually used in further schemes such as spear phishing campaigns (targeted phishing attacks), credit card fraud, and account takeover fraud. Phishing emails will likely target remote workers in a bid to steal their personal information or gain access to company accounts.
    • To spot a phishing email, check the sender’s email address for spelling errors and look for poor grammar in the subject line and email body. 

    • Hover over links to see the URL and don’t click links or attachments unless you trust the sender 100 percent. If in any doubt, contact the alleged sender using a phone number or email address that you find somewhere other than in the suspicious email.

    • If you do click a link and end up on a legitimate-looking site, be sure to check its credibility before entering any information. Common signs of a phishing site include lack of an HTTPS padlock symbol (although phishing sites increasingly have SSL certificates), misspelled domain names, poor spelling and grammar, lack of an “About” page, and missing contact information.

  • Use Encrypted Communications: Use secure methods of communication. Thankfully, many mainstream messaging services such as Signal, WhatsApp, and Telegram come with end-to-end encryption as default or as an option.

  • Lock Your Device: If you do have to work in a public space, or if you live with people who you can’t share work information with, then it’s important to keep your device secure. Password-locking your device will usually encrypt its contents until someone enters the password.

For an extra layer of encryption protection, you can use an additional full disk encryption tool such as VeraCrypt or BitLocker.

If you need to physically lock your device, for example, at a library or hospital, a Kensington lock is a great option.
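The phishing checks listed above (misspelled sender addresses, misspelled link domains, and links without HTTPS) can also be automated by a mail-filtering team. The following is an added example, not part of the original article; the trusted domain list, function names, and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the organization really uses (constructed for this example).
TRUSTED_DOMAINS = ("example.com", "example-payroll.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return None  # exact match or subdomain of a trusted domain
    base = ".".join(domain.split(".")[-2:])  # simplification: last two labels
    for trusted in TRUSTED_DOMAINS:
        if 0 < edit_distance(base, trusted) <= 2:
            return trusted
    return None

def review_email(raw):
    """Return warnings for one raw plain-text email message."""
    msg = message_from_string(raw)
    warnings = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if lookalike_of(sender):
        warnings.append(f"sender domain {sender} resembles {lookalike_of(sender)}")
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            warnings.append(f"link to {host} is not HTTPS")
        if lookalike_of(host):
            warnings.append(f"link domain {host} resembles {lookalike_of(host)}")
    return warnings

# Constructed sample message, not a real phishing email.
SAMPLE = """From: IT Support <helpdesk@examp1e.com>
Subject: Password reset required

Please confirm your account at http://example-payrol.com/login today.
"""
```

Calling `review_email(SAMPLE)` returns three warnings: one for the sender domain and two for the link. Because phishing sites increasingly have SSL certificates, a link that passes the HTTPS check still needs the domain comparison.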

Check out our Cyber Hub to learn how you can stay one step ahead or contact us to learn how our team can assist you today!

Written by Shiran Grinberg
Shiran Grinberg is a Senior DFIR Research Analyst at CyberProof responsible for digital forensics, incident response and IT security. Shiran brings to the table twelve years of experience in information security and cyber – with a focus on cyber warfare, national cyber defense strategies, and critical infrastructure cyber protection strategies. Prior to joining CyberProof, Shiran held a variety of positions including as Cyber & Mobile Forensic Lab Manager at Liacom, Forensic Team Leader & Lab Manager at Cellebrite, and Sector Manager at Bank Hapoalim. Shiran has worked in a wide range of industries including the military, law enforcement & intelligence, financial services, telecommunications, and public administration.