[BreachExchange] Cyber crime poses a massive threat to businesses, thanks to remote workers using unsecured public wifi

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jul 9 19:22:14 EDT 2018


http://www.cityam.com/288304/cyber-crime-poses-massive-threat-businesses-thanks-remote

As I write, thousands of employees are opening up Macs in cafes and trendy
workspaces across the country, sipping on cortados, and getting ready to
start their days.

These workers are part of what’s being called the “remote working
revolution”, and they represent a movement away from the presenteeism that
previously defined office working.

A blessing and a curse

Technology is at the centre of this non-traditional working boom – thanks
to communication applications like Skype and Slack, staff are readily
accessible anywhere in the world where there’s a half-decent wifi
connection.

The rise of virtual and augmented reality also means that employees can
attend meetings despite being on the opposite side of the globe.

Unfortunately, these flexible working habits present a big cyber security
risk, which companies and employees often aren’t prepared to tackle.

Let’s talk about wifi

We’re an increasingly wifi-dependent society. For remote staff, good wifi
is essential, so business owners and employees inevitably gravitate towards
stronger hotspots – whether they are password-protected or not.

The problem is that when workers head to their favourite cafe and log into
the convenient wifi that doesn’t require a password, they are placing a
huge amount of trust in the hotspot’s owner and hoping that there aren’t
any would-be scammers around.

Newer routers are more secure, but rely on their owners to keep the
hardware updated. The bigger threat is from fraudsters, who can eavesdrop
on unencrypted activity using simple software, or even create fake wireless
spots to mimic legitimate ones by naming their network after a cafe to make
it look authentic.

Once hackers have done this, it’s simple to intercept unencrypted data,
wait for you to open unsecured sites, or even create phony versions of real
sites in order to steal your private data.

This has created a bit of a perfect storm for small businesses and
companies adopting more flexible attitudes to where their staff work.

Unlike banks, which have sophisticated security systems in place, it
doesn’t take much for businesses to open themselves up to potential fraud.

Most employees use email programs like Outlook or Gmail – and while the
latter offers some protection due to its two-factor authentication, it
wouldn’t take much for a scammer on an unencrypted network to mimic a
web-based email client, and then scrape a user’s details when they try to
log in.

Once that’s done, hackers can log into accounts, and scan through reams of
emails in order to dig out juicy company details such as payslips, invoice
details, and personal data. Before you know it, scammers have access to the
internal mechanisms of your company.

Securing your business

Businesses can protect themselves from attacks by: encouraging staff to
avoid sites that aren’t secure and don’t display HTTPS in the URL;
installing firewalls, antivirus, and anti-malware software on staff
computers to make sure there aren’t any chinks in the company’s armour; and
regularly installing software updates, as they typically contain security
patches.

It’s also worth considering installing Virtual Private Networks (VPNs) on
work devices – VPNs essentially create encrypted tunnels through which your
staff’s online traffic can travel securely. These can be set to work
automatically, so they require very little heavy lifting from employees.

It makes sense to dodge onerous overheads like offices while startups are
getting up to speed – it’s not unusual for startup owners to work out of
cafes in the first few months of their existence – but they must be
diligent, and secure themselves against cyber risks.