Just like most of us, Xinja HQ has moved to home offices in the last few weeks. Everything from meetings to on-boarding, from presentations to work drinks, has been moved from the real world to the digital space. And although this has some unique benefits, like track pants with business shirts, short bed to desk distance and unlimited Tiger King, it also carries a unique set of risks.
Many of us are still trying to figure out exactly how to navigate this new normal, but one thing that many of us may not have had time to get our heads around is how to maintain security in our new workplaces.
Before diving into the tips for keeping yourself cybersecure let’s first take a look at a few pesky threats that have recently been resurfacing.
As Hamish Blake hilariously demonstrates, “Zoom-bombing” is now a thing, where individuals or groups of trolls deliberately disrupt meetings, just for the pleasure of making your life even more difficult. But most online meeting services let you control who joins your meetings, what they share and when. Here are some handy tips for Zoom:
Another major security threat for remote workers that don’t have their IT team nearby are phishing campaigns and weaponised emails attacks through malware.
Being extra cautious about scams and thinking twice before you click on anything is a very good start…don’t take the bait!
It may look like an email from your HR manager with an attachment on the new Work-from-Home policy. Or, it may be disguised as an email from your organisation’s CEO, trying to organise money transfer. Beware, and double check the legitimacy of these messages as they could well be cleverly designed schemes to trick you into giving up your Personally Identifiable Information (or PII) or bank details.
Weaponised email attacks (emails containing malware, such as crypto lockers) are also on the rise, using keywords around the COVID-19 crisis to attract attention. They are designed to take advantage of people’s fears and need of information during the COVID-19 outbreak. According to a report by Threatpost, the main type of “weapons” used in these messages are unchanged: mostly links to fake websites, macros, Microsoft Office files and executable files.
According to Proofprint, one credential phishing campaign, a scammer pretending to be Microsoft Customer Support, asked email recipients to download an attachment containing malicious malware to comply with the company’s new regulations in light of an employee testing positive for the coronavirus. A Fake coronavirus threat map website that mimics a real one is another example of cybercrooks preying on human fears.
Profiting off the distress of thousands of people losing their job, attackers are creating fake sites pretending to offer jobs or assistance. For example, a fraudulent website that looks as if it was a legitimate non-profit organisation, recruits new employees and tells them that they will be collecting and transferring donations for an international coronavirus appeal.
Being extra cautious about scams and thinking twice before you click on anything is a very good start…don’t take the bait! But it still doesn’t make your WFH security bullet-proof. Although many companies already have systems and security in place for remote work (like Xinja does), the thing is that many have never checked them let alone used them. As you remain far from your cosy and secure office, here are a few suggestions to stay cosy and secure at home: