Just like most of us, Xinja HQ has moved to home offices in the last few weeks. Everything from meetings to on-boarding, from presentations to work drinks, has been moved from the real world to the digital space. And although this has some unique benefits, like track pants with business shirts, short bed to desk distance and unlimited Tiger King, it also carries a unique set of risks.
Many of us are still trying to figure out exactly how to navigate this new normal, but one thing that many of us may not have had time to get our heads around is how to maintain security in our new workplaces.
Before diving into the tips for keeping yourself cybersecure let’s first take a look at a few pesky threats that have recently been resurfacing.
Meet the videoconferencing troll
As Hamish Blake hilariously demonstrates, “Zoom-bombing” is now a thing, where individuals or groups of trolls deliberately disrupt meetings, just for the pleasure of making your life even more difficult. But most online meeting services let you control who joins your meetings, what they share and when. Here are some handy tips for Zoom:
Use a guest list: in Zoom you can select who joins your meeting and how, then mute, remove or hide participants as you please.
Add a password: so you can share a meeting ID publicly, but share a password only to those who need it.
Try the Waiting Room: instead of participants being able to join in directly, they request to join before being brought in by the host
Another major security threat for remote workers that don’t have their IT team nearby are phishing campaigns and weaponised emails attacks through malware.
Being extra cautious about scams and thinking twice before you click on anything is a very good start…don’t take the bait!
CEO fraud and Executive fraud are on the rise
It may look like an email from your HR manager with an attachment on the new Work-from-Home policy. Or, it may be disguised as an email from your organisation’s CEO, trying to organise money transfer. Beware, and double check the legitimacy of these messages as they could well be cleverly designed schemes to trick you into giving up your Personally Identifiable Information (or PII) or bank details.
Weaponised email attack
Weaponised email attacks (emails containing malware, such as crypto lockers) are also on the rise, using keywords around the COVID-19 crisis to attract attention. They are designed to take advantage of people’s fears and need of information during the COVID-19 outbreak. According to a report by Threatpost, the main type of “weapons” used in these messages are unchanged: mostly links to fake websites, macros, Microsoft Office files and executable files.
According to Proofprint, one credential phishing campaign, a scammer pretending to be Microsoft Customer Support, asked email recipients to download an attachment containing malicious malware to comply with the company’s new regulations in light of an employee testing positive for the coronavirus. A Fake coronavirus threat map website that mimics a real one is another example of cybercrooks preying on human fears.
Money mule is back!
Profiting off the distress of thousands of people losing their job, attackers are creating fake sites pretending to offer jobs or assistance. For example, a fraudulent website that looks as if it was a legitimate non-profit organisation, recruits new employees and tells them that they will be collecting and transferring donations for an international coronavirus appeal.
A few tips to stay secure while working from home
Being extra cautious about scams and thinking twice before you click on anything is a very good start…don’t take the bait! But it still doesn’t make your WFH security bullet-proof. Although many companies already have systems and security in place for remote work (like Xinja does), the thing is that many have never checked them let alone used them. As you remain far from your cosy and secure office, here are a few suggestions to stay cosy and secure at home:
Make sure your home Wifi is secure. Most Wifis are secure by default, but some old installations might not be. Nobody wants their neighbour to snoop on their professional emails and their Netflix watchlist.
Make sure you have good antivirus software. Examples are: BitDefender, Norton or Sophos, if you don’t want to spend money on your protection. Oh, and remember: it’s 2020: Macs are not immune anymore. They have not been for a while.
Keep up to date. Remember that message saying there is a new version of your system to download, the one you keep ignoring? Time to say “OK” and install it.
Store your data in the cloud. If you store your files on your computer and your computer crashes, there is no way to recover them… so get amongst the clouds!
Improvisation is not always your friend. It is important to be smart and adaptable… but not if it puts you at risk. If a tool isn’t working right, you might be tempted to download a substitute. Don’t do it. You could inadvertently introduce a software program with a security vulnerability or leak your organisation’s data to unauthorised parties.