Because of the Covid-19 pandemic, as well as a variety of other factors, working from home is now more common than ever before. This is a lot more convenient for many people, but that convenience has a price. Remote workers seem to be more likely targets for hackers and other cybercriminals, and we are going to explore the reasons behind that fact. We will also offer some good advice on how to deal with this new level of risk.
Why Should You Be Alarmed?
Right now, you might be wondering why you should be concerned about this? After all, the threat of being hacked was already present, right? While this is true, the threat has apparently become far greater of late.
The U.S. Department of Homeland Security has a division that handles cybercrime, known as the CISA (Cybersecurity and Infrastructure Security Agency). They recently issued an alert regarding new methods that have been used by hackers to infiltrate secured networks. The worst part is that they have mostly been targeting VPN services, which are normally considered to be quite safe.
The good news is that the hackers have not found a way to break through a VPN’s encryption. The bad news is that they have found ways to get around those encryptions. The most common method is to use what some people call “social engineering hacks.” If they can’t compromise the network itself, they compromise one of the people who use that network.
Why Are Remote Workers Being Targeted?
Of course, there is no way for us to read a hacker’s mind, but certain things are obvious. Like all criminals, hackers tend to look for big gains and easy targets. Because the average employee is not well-educated on computer security, they do indeed make an easy target. As for the big gains, those come when the intruder gains access to an entire corporate network.
Of course, this is also happening because it is a recent change. Many companies have been forced to expand their remote work programs due to the pandemic, and many of them were not prepared. Hackers realize this, and so they are moving to take advantage of those who are unprepared.
Cybercriminals, unlike many other criminals, rely entirely on deception. Before they can take anything from you (or act against you at all), they first have to trick you into granting them access. Like all liars, they often try to use current events to their advantage. For instance, we’ve already seen a huge upsurge in Coronavirus-related scam emails/text messages. Of course, this has nothing to do with the virus itself: It’s just the latest method of deception. If we were being invaded by flesh-eating penguins, you can bet that all the scam artists would switch their tactics in order to exploit that fear.
How To Avoid Being Targeted
All of this analysis is good, but it doesn’t necessarily make you any safer. Instead, let’s focus on some preventive measures that can help you to stay one step ahead of the criminals.
First of all, regular updating is a must. Software companies are constantly working to patch known vulnerabilities, and you don’t want to get left behind. Sometimes, when a new vulnerability is discovered, it is patched within a short time. However, those who fail to get the update in time will remain vulnerable. That’s why automatic updating is a good idea for both your operating systems and software.
VPN’s Still Work…But Only If Used Correctly
Obviously, you can’t just drop your VPN, as there is no better alternative at present. Network encryption is too important to ignore, so you should instead focus on using your VPN service in a more secure way. You might want to switch VPN companies if you don’t have much trust in your current one. However, you shouldn’t stop there.
You might want to implement some new VPN restrictions, such as limiting access to certain devices or certain times of the day. Hackers will normally trick people into giving up their login credentials by pretending to be a member of the IT department or something like that. That’s why you need a positive way for IT staff members to identify themselves when contacting employees. Employees should also be instructed to report any suspicious activity immediately.
The Rise Of “Vishing”
Phishing emails are a common way to hijack a computer, but now there is a new threat on the horizon. “Vishing” is a form of phishing that uses video communications instead of email or text messages. Instead of trying to hack someone, they can just make a phone call and pretend to be a legitimate authority. They will then instruct the victim to log into their company VPN and will give them a link with which to do so. The problem is, the link will only lead back to a phony login page that is designed to capture all keystrokes made by the user.
To defeat this new technique, employees should only log in through authorized portals, and should never click any weblink to log into that network. VPN access should be controlled with an app that is only available on company devices, and should never require a web link. Besides, a close look at that web link will reveal that it doesn’t lead to the right place. In the end, wariness and suspicion are the best defensive weapons here.
Cybercrime is a constant and ever-evolving threat, but it isn’t as scary as it might seem. If you understand the threat, it becomes far less likely that you will be victimized. Knowledge is the best remedy, and you want to make all your employees aware of scams like this.
The main takeaway here is to beware of anyone who asks you to provide confidential login information. No matter the reason, this should always be met with suspicion. Con artists can be very pushy sometimes, and may even try to threaten you in some way if you do not comply. However, you should always trust your instincts on something like this. If you have enjoyed this article, and if you would like to know more, please call PCH Technologies at (856) 754-7500.