Written by our Cybersecurity Experts
The COVID-19 pandemic has fundamentally changed the way that employees interact with company data, and the world around them. The global shift from the office to remote working has forced firms to reassess traditional IT standards and adapt their cybersecurity policies to accommodate staff that connect to corporate networks from an ever-increasing number of public locations, with varying levels of endpoint security.
Cybersecurity used to mean exercising rigid control over onsite workstations, routers, servers and connected devices. The “new normal” has arrived, and with it, a set of working practices that are inherently less secure than gathering staff together on a single network, in the same physical space.
Let’s look at some of the reasons why remote working can be such a risky business, and what you can do to mitigate some of the risk.
Public WiFi networks
Remote workers make heavy use of public WiFi hotspots to do their job, and transfer information to and from a corporate network. The vulnerability of public WiFi hotspots is an open secret in the world of cybersecurity. Public networks are focal points for cybercriminals looking to exploit weaknesses in unsecure hardware such as routers or wireless access points, and extract data from connected devices.
A so-called ‘man-in-the-middle’ attack occurs when a hacker attempts to trick users into connecting to their own wireless network, instead of a legitimate access point, by giving it a Service Set Identifier (SSID) that closely resembles the name of the ‘real’ network. Unsuspecting users connect to the fake network operated by the hacker, who is able to extract information from the connected device including corporate login information and financially sensitive data.
Man-in-the-middle attacks usually occur in large public areas such as cafes, airports, restaurants and libraries. Unless the user is familiar with the location, they can often be very hard to detect. The easiest way to combat such attacks is to seek out the correct access point by asking staff, or reading WiFi information posted around the building. If you see a suspicious network when you’re trying to connect, alert staff immediately – you’ll almost certainly be doing someone else a favour in the long run!
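The check described above (comparing what your device sees against the network the venue actually advertises) can be automated on a managed laptop. The following is an added example, not part of the original article; the SSIDs, BSSIDs and the 0.8 similarity threshold are constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

# Characters often swapped to make a name look the same (constructed, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s", "3": "e"})

def normalise(ssid):
    """Fold case, Unicode width forms, punctuation and common character swaps."""
    text = unicodedata.normalize("NFKC", ssid).casefold().translate(LOOKALIKES)
    return "".join(ch for ch in text if ch.isalnum())

def classify(scan, posted_ssid, posted_bssids, threshold=0.8):
    """Label every (ssid, bssid) pair in a scan against the network the venue posted."""
    want = normalise(posted_ssid)
    known = {b.lower() for b in posted_bssids}
    verdicts = {}
    for ssid, bssid in scan:
        score = SequenceMatcher(None, want, normalise(ssid)).ratio()
        if ssid == posted_ssid and bssid.lower() in known:
            verdict = "posted network"
        elif ssid == posted_ssid:
            verdict = "same name, unknown access point"
        elif score >= threshold:
            verdict = "lookalike name"
        else:
            verdict = "unrelated"
        verdicts[(ssid, bssid)] = verdict
    return verdicts

# Constructed scan results; the SSIDs and BSSIDs are invented for this example.
SAMPLE_SCAN = [
    ("CityLibrary-WiFi", "02:00:00:aa:00:01"),
    ("CityLibrary-WiFi", "02:00:00:ff:00:09"),
    ("CityLibrary_WiFi_Free", "02:00:00:ff:00:0a"),
    ("C1tyL1brary-WiFi", "02:00:00:ff:00:0b"),
    ("CoffeeHouse", "02:00:00:bb:00:01"),
]

if __name__ == "__main__":
    result = classify(SAMPLE_SCAN, "CityLibrary-WiFi", ["02:00:00:aa:00:01"])
    for (ssid, bssid), verdict in result.items():
        print(f"{ssid:24} {bssid}  {verdict}")
```

A hardware address can be copied just as a name can, so treat a "posted network" verdict as triage rather than proof and keep traffic inside the company VPN regardless.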
Hackers use specialised software called ‘packet sniffers’ to intercept unencrypted data transfers on a public WiFi network, without the need for a user to connect to a fake access point.
Cybercriminals target weak wireless passwords to place themselves between the user and the server facilitating the request, through a process called ‘passive monitoring’. Remote workers will be totally unaware that their machine or device has been targeted, and will go about their business without knowing that every piece of data they send and receive is being monitored and logged.
How to protect yourself on a public WiFi network
The safest way for a remote worker to do their job from within a public WiFi network is to use a company-sanctioned VPN service that secures data by encrypting it during transfer. Invite-only VPN connections (not paid-for public services such as NordVPN or ExpressVPN), the likes of which remote workers use to connect to an office network, are often designed to work specifically alongside commercial routers, firewalls and switches and are pre-configured to
Only use HTTPS (Hypertext Transfer Protocol Secure) websites
Remote workers should only use websites that start with “https” instead of “http”. HTTPS (Hypertext Transfer Protocol Secure) is a secure version of the HTTP protocol that uses the SSL/TLS protocol for encryption and authentication on public websites. It is inherently more secure than its HTTP alternative and significantly more resilient to packet sniffing/eavesdropping.
Email hacking relies on a concept called ‘social engineering’, whereby criminals dupe unsuspecting employees into handing over confidential information. Despite the proliferation of collaborative working software such as Microsoft Teams and various other UCaaS platforms, remote workers don’t have the ability to pop their head around someone’s door and ask them if a request is legitimate.
A ‘phishing’ attack occurs when hackers attempt to trick staff into doing what the National Cyber Security Centre define as the ‘wrong thing’. This can mean anything from clicking a link in an unsolicited email that downloads a computer virus, to being sent to a website that collects sensitive information from employees or clients.
Spoofing is the act of a hacker impersonating a trusted source within a company or client organisation. It relies on the criminal’s ability to pass themselves off as someone else, either by impersonating an email address or by a complex technique of re-routing internet traffic to trick your network into thinking they are an internal user.
The most common form of spoofing occurs via email, where it’s used in combination with a phishing attack to trick users into clicking on a malicious link. The most sophisticated spoofing attacks occur where a hacker has familiarised themselves with your remote working setup and how you process data and/or payments across your organisational chart.
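A mail gateway or helpdesk script can surface the tell-tale signs of an impersonated sender before anyone clicks. The following is an added example, not part of the original article; the messages, addresses and the company domain example.com are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoofing_signals(raw_message, company_domain):
    """List the reasons a message claiming to be internal deserves a second look."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0].lower()
    from_domain = domain_of(msg.get("From"))
    signals = []
    # The visible name mentions the company, but the real address is elsewhere.
    if company_domain in display_name and from_domain != company_domain:
        signals.append("display name claims company domain")
    # Replies would go to a different domain than the one shown as sender.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        signals.append("reply-to domain differs from sender")
    # Assumes these results were stamped by your own receiving mail server.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in results:
            signals.append(f"{check} failed")
    return signals

# Constructed messages; every address and domain here is a placeholder.
SPOOFED = """\
From: "accounts@example.com" <billing@example-payments.test>
Reply-To: payments@mailbox.test
To: staff@example.com
Subject: Urgent invoice
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example-payments.test;
 dmarc=fail header.from=example-payments.test

Please pay the attached invoice today.
"""

GENUINE = """\
From: Accounts <accounts@example.com>
To: staff@example.com
Subject: Payroll dates
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass

Payroll runs on the 28th.
"""

if __name__ == "__main__":
    print(spoofing_signals(SPOOFED, "example.com"))
    print(spoofing_signals(GENUINE, "example.com"))
```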
Passwords and Two-factor Authentication (2FA)
Remote workers carry out their duties from a variety of static and mobile devices. The easiest and most cost-effective way to ensure that a network is kept safe from external threats is by maintaining rigid, industry-standard password protocols that prevent unauthorised access and limit the number of options hackers have to exploit weak passwords across corporate domains, email platforms and SaaS applications.
Passwords, when used in isolation, are markedly less secure than requiring several methods of authentication. When remote workers attempt to log in to a cloud-based or on-premise network, 2FA requires them to verify two pieces of information, also known as ‘factors’, from the below categories:
- ‘Knowledge’ factor – something the user knows, most commonly a password or PIN. Knowledge factors are also known as ‘secrets’.
- ‘Possession’ factor – something the user owns or has access to, such as a mobile phone authenticator app, a physical device (ID card, key fob) or a token.
- ‘Biometric’ factor – this is anything that can identify the user as being themselves through biological information such as fingerprints, speech patterns or iris patterns.
- Timed factor – restricts login attempts to a specified time period.
- ‘Location’ factor – where the authentication attempt originated from, verified by methods such as IP addresses or GPS information obtained from a laptop or mobile phone.
IT administrators can specify which of the above factors are required, prior to a user being granted access to a network. In general, most 2FA platforms ask for the first three – location and timed factors are usually reserved for internal IT networks and remote working policies.
Passwords should be of an appropriate length (usually a minimum of 8 characters) and contain a complex string of alphanumeric information, including uppercase and lowercase letters, and special characters.
Remote workers often forgo standard practice and use the same password across multiple private and public platforms. This can cause data breaches to escalate from relatively minor intrusions involving personal email accounts to large-scale instances of corporate theft, because the same password information is in use across multiple platforms.
Companies should deploy a range of password management protocols – including 30-day expiry terms, 2FA and complexity guidelines – to ensure that remote workers aren’t exposing their employer’s data to theft or malicious use.
The golden rules for remote working are to always be vigilant and conduct yourself in accordance with your company’s IT policy. If something looks suspect, it’s better to ask questions first and click later. The world of commercial IT is awash with tales of lax remote working procedures and companies with a laid-back attitude to cybersecurity who fail to secure their data, and find themselves falling victim to a financially crippling intrusion that’s played out among their customer base and the media.