The McAfee Labs 2016 Threat Predictions report warns that as enterprise organizations beef up corporate IT security, companies can expect more cyber-attacks aimed at employees that work from home.
“.. a dynamic workplace environment, highly mobile workforce, and rapidly changing workers’ expectations have blurred the concept of a network perimeter,” according to Intel Security’s five-year look-ahead into the evolving threat landscape. “Workers no longer stay within the confines of a trusted network, or the restrictions of a specific device, making them more productive, but security more difficult.”
The report takes an in-depth look at the various types of “threat actors”, how attackers’ behaviours and targets will change, and how the industry will respond between now and 2020. The predictions cover issues ranging from ransomware and attacks on critical infrastructure to the hacking of connected vehicles and wearables and the sale of data.
Doug Cooke, director of sales engineering at Intel Security Canada, discussed with IT in Canada why employees and executives who bring work home and use their private Internet connection or mobile devices may be at risk of becoming hacking targets.
“Tens of thousands of employees and executives work from home regularly or occasionally for one reason or another. We do so because we find it more efficient than wasting four hours a day in traffic and because technology allows us to do so,” he said. “But because these workers are now in effect working outside the protected corporate network, they can be an attractive target to hackers.”
For instance, attackers can more easily log into a marginally protected home Internet connection and from there gain access to a person’s corporate laptop that’s being used for some work-at-home task or being used by a family member for non-work related online activity.
At this point, an attacker can surreptitiously install a key logger on the device and capture personal and corporate passwords or grab control of the computer and order it to send out company data to a botnet command and control centre.
Wearables like smartwatches and fitness monitors contain GPS data that can provide hackers with clues as to the device owner’s whereabouts and habits. Using this information, Cooke said, a hacker can craft enticing phishing emails that can dupe users into opening messages that contain malware.
There are also countless news reports of officials and workers in both public and private sectors who have lost or misplaced mobile devices and USB drives that contained sensitive corporate data.
Should companies ban employees from working from home or using thumb drives and wearables? There have been organizations that went that route but there are other alternatives.
Cooke believes education and well-thought-out policies around data protection could provide results that benefit both workers and employers. He recommends the following steps:
Educate users – Making sure everyone in the organization realizes the importance and value of data to the organization, its employees and customers is critical. Users need to be made aware and reminded of the value of the stored and in-transit information that they handle and that their devices have access to. They also need to be aware of the importance of protecting such information and the consequences of the data falling into the wrong hands.
Know where your employees are – Organizations need to develop a system through which they can determine who is working outside the corporate network, what types of devices they are using and their level of access to data and the network. This will be useful in developing security procedures, identifying security weak spots and tracing data movement in case a breach occurs.
Extend software protection – Organizations should consider extending licences of malicious code protection software to include use in the homes of certain employees. This could be an additional cost that the company would have to negotiate with its vendors.
Establish virtual private networks (VPNs) – VPNs are not just pipelines that connect remote employees to work servers. VPNs secure corporate data and even protect the online privacy of employees who work remotely. Most VPNs are encrypted, so computers, other devices and other networks connect to them via encrypted tunnels.
Protect USBs – Install software tools on employees’ machines that enforce encryption of data stored on USB sticks. This way, even if a user misplaces the USB stick, the data contained inside is protected by encryption.