How to Work Safely from Home – The Threats
As giant businesses are issuing decisions to allow people to work from home even after the COVID-19 pandemic passes, working from home becomes the mainstay of the jobs of many knowledge workers. Threats inherent to working away from the office are becoming more apparent and avoiding them, more critical.
We are now working from an environment different than that which our organization’s IT departments have worked years to render secure. This immediately puts us—and our work—in potential danger, and also lays upon us almost exclusively the burden of making ourselves secure.
It becomes more evident, though it has always been the case, that our behaviors regarding security are the most important factor in our safety.
We continue with our series on How to Work Safely from Home with a few of the more common threats that can endanger us away from the office.
The Different Types of Threats that Endanger Us
There are a host of cybersecurity threats that can come from different sources and can penetrate our defenses unless we’re careful about how we interact with the digital world. These threats can vary in source and in the methods used for protection. Here are some of the most common.
Phishing
Sources: Email, SMS
What is it?
According to Deloitte, “Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. This occurs when an attacker pretends to be a trusted entity to dupe a victim into clicking a malicious link, that can lead to the installation of malware, freezing of the system as part of a ransomware attack, or revealing of sensitive information.”
The way this works is: you get an email or a message that looks like it’s from your bank, your boss, your internet provider, or any other entity. In the email, they could ask you to click a link or reply with information.
If you provide the requested information, the attackers can use it to gain access to something of value.
How do I know if I’m being attacked?
Look at the sender’s email address. Does the email look like it’s coming from the place it claims to be from? You can easily check the domains and numbers of most institutions by going to their website, searching for previous messages, or asking them over a verified phone number to confirm the email or phone number that’s contacting you. If the sender’s address does not match the official email or domain of the institution, then it’s most likely a phishing attack.
Another aspect to watch for is shortened links. There are platforms that offer the service of allowing you to hide a long link by using a much shorter one. The problem is you won’t find out where the link goes until after you click on it, and then it will be too late.
How can I protect myself?
Make it a habit of checking the email address (or number in case of SMSs) of the sender. DO NOT OPEN any emails that come from addresses that look suspicious or that don’t match the official domain of the institution.
You can find out the content of shortened links withing clicking them by pasting the link in your browser’s address bar and adding a “+” after it (http://bitly.com/2lgPesi+). This works for links shortened by bit.ly and goo.gl. For tinyurl.com links add “preview.” after the two slashes (http://preview.tinyurl.com/95m56yub).
Malware
Sources: Many, including spam emails, infected removable drives, hacked or malicious webpages, and bundled with other software.
What is it?
Malware is software created with the intent of creating damage, stealing information, or spying on a user. It is a very diverse group of programs, whose purpose could range from simply serving ads to the infected device up to a complete hostile takeover of the device.
How do I know if I’m infected?
Symptoms of infection include weird behavior of programs on the device, files failing to open, seeing a multitude of pop-ups, and receiving strange emails.
How can I protect myself?
As with all security, the mainstay of protection lies in our behaviors as users.
- Avoid opening emails from strange sources
- Never insert a removable drive into your device unless its from a trusted source
- Make sure your antivirus program is powerful and always make sure its definitions are up to date
- Never open emails that seem suspicious
- Avoid visiting malicious or shady websites (such as those offering stuff for free)
- Beware if a trusted website starts acting strangely; it could be the victim of a hack
- Always read the installation notes for any new software to make sure you know exactly what’s being installed
DSL Router Attacks
Many of us think that if someone gains access to our Wifi network that the only damage is they’ll be browsing the internet for free. There are however other risks to people gaining access to your network, as it can serve as a platform for launching attacks against other devices on that network, such as your phone or laptop.
You might also think that attacks on your router require someone to be within its range. But because your router is your gateway to the internet, it is exposed to and frequently targeted by automated scans, probes, and exploits, even if you don’t see them.
Sources: The internet, someone within range of your network.
How can I protect myself?
- Your first measure of security should be changing the default router administration password. The default passwords for the make and model of your router, or of your ISP, can easily be acquired from the internet leading to easy access of your router.
- Your router’s firewall should also be turned on at all times. This is one of the lines of defense for your network and you shouldn’t ignore it.
- Your Wifi network should also be secured with WPA2-PSK (AES) encryption or WPA3 if you can find it
Online meeting Software
COVID-19 spurred a massive change in our behaviors as knowledge workers. We were forced to rely on teleconferencing and meeting platforms; Zoom probably being the most common. Some of these platforms had never estimated such an immense rise in their user base, which resulted in massive loads on these platforms and various security issues (notable among which was Zoom using Facebook login on iOS, which resulted in user data sent to Facebook without user consent).
Sources: Zoom (being the most used and scrutinized, but any other online meeting software could have similar issues).
How can I protect myself?
Though these platforms may seem innocuous, heavy use over the past period has shown how they can be exploited. Methods to ensure our safety while using them include:
- Always make sure that the Zoom application is up to date so that you have the latest security patches
- Using a strong password for meetings. Treat this password like you would any password
- Don’t use zoom for meetings of a highly sensitive nature
- Enable waiting rooms so that you can screen participants before allowing them into the meeting
- Disable screen sharing for participants
- Close or minimize all windows before screensharing, even if you’re sharing only one application or window
You Can Secure Yourself
These aren’t the only threats that you’re facing when working remotely, but these are very common and probably unlikely to be encountered in the secure environments of our workplace.
Through constant vigilance and good security practices we can help keep ourselves, our information, our organizations, and—most importantly—our families safe from the threats that are constantly lurking in our digital world.
Stay Safe!