After the last number of weeks, you’ve become a work-from-home pro! You’ve got onto Zoom, Teams, WebEx and finally, understand that a VPN has nothing to do with your underpants. Nope, wait, you clicked on that WeTransfer email from someone you knew and opened the attachment and now weird stuff is happening to your emails! The real IT workers out there, now have a few problems.
A few weeks ago, I wrote about the struggle to get everyone working from home, all at once. It’s been quite a shift in white-collar working, all at once. If it wasn’t in such tragic circumstances, it surely would have been celebrated as one of the most major shifts to happen in work habits in decades.
However, just as you’re settled into your false sense of security, feeling safe, accomplished and empowered in this new way of working. But something is lurking in the shadows. It’s not just coronavirus we have to worry about now, it’s now the malicious attacker.
Your IT team whether in-house or external, have had a bit of a campaign on their hands. The large shift to remote/home working, and now because of that the change in how security works.
What’s the new problem with working from home?
When the majority of people are in an office, it’s much easier from an IT perspective to secure things. You’re all using the same internet connection, quite often there’s an IT person you can go and ask before you click on anything weird and sparing that, there’s the colleague (often called Jeff) 1who “knows about t’computers”. Everything is rather self-contained and easy for the IT team to secure.
That all changes when you’re working from home. There are so many internet providers out there, all with different security filtering – on a scale from lots to none. You remote back to your office over VPNs for corporate systems like intranets and files, but most often use your local home internet connection to access the web. But the worst thing is – Jeff the guy who knows about computers isn’t there to ask before you click something!
The changing Attack Surface working from home
This concept where you’ve gone from one way of working to another has altered what we security professionals call, the ‘attack surface’. When you’re at work, it’s difficult for the attacker or hacker, to get through your corporate internet connection, they’re often very secured with good firewalls. Even the lack of an IT guru at home called Jeff changes the attack surface.
So for the IT world, this has created a whole new headache of how to manage this. When there was only a few, potentially very IT literate users working from home or flexibly working pre-Covid19 the risk was quite low. Now it’s a huge portion of the workforce, it’s much more difficult to manage and mitigate the risks.
The IT industry had to move quickly to get people to work from home and to be fair, that speed had a price. Many organisations had to relax some security features of their IT infrastructure to make it easier for people to work at home.
IT Industry Response to post-Covid19 threats
The IT industry has been moving quickly, but quite often, not as quickly as the attackers and hackers. You may have noticed many updates rolling out for Microsoft products, even Zoom. Patching and updating have been going like crazy. Now, security hardening is happening across IT infrastructures as they’re getting used to the new normal.
Some of the examples of what’s going on:
- Enforcing Multi-Factor Authentication (MFA) – that’s when you get usually a one-time passcode, via a text, app or phone call to make sure it’s you who’s logging into a system.
- Behavioural Analytics – where your actions as an IT user is being monitored, if something happens that’s too far removed from your normal routine, the action will be flagged or blocked. For example, if you never do any encryption on your laptop, but all of a sudden it seems that a lot of files are being encrypted, it will be blocked as it’s a sign of malware running.
- Impossible Travel Blocking – if you’re currently working from home in Glasgow, but you’ve then logged in from London minutes later, it would be blocked.
This is more modern stuff, in addition to the more mundane spam and phishing email detection that is going on constantly too. Google’s systems are currently blocking around 240 million covid19 related phishing emails each day with 18 million emails that contain covid19 themed malware on top of that.
Microsoft has also revamped Office 365 now part of the more comprehensive Microsoft 365 branding and have a new Secore Score system. If you’re an IT admin, you can check out actions for security improvement.
Can I do anything to work more safely from home?
The answer is, yes! The biggest problem is that there are always hackers and attackers that remain one step ahead. The best way of course not to have to worry about your safety is to practise good cyber-hygiene. Just as we’re all social distancing, washing our hands frequently and being alert – keeping your technology safe, has a lot of the same parallels.
- Stay Alert! If something doesn’t look right, it probably isn’t. If you’ve never received an email from someone via a platform like OneDrive, WeTransfer, Dropbox and the like. It’s more likely than not a phishing exercise. Also, another good example if you see a filetype of “An interesting invoice.pdf.htm” then be ultra alert – this is someone trying to fool you that they’re sending one type of document when it’s a different filetype that can redirect you to a malicious website – the last three or four letters of a file type will be what the file is. I also advise people to look at the file sizes and take notice – an invoice will always be a few kilobytes, unlikely just a few bytes, which indicates it’s just text or code.
- Control the Malware! I’ve seen sophisticated social engineering attacks where hackers gain access to email boxes and use those to pretend to other parties to represent the company. They’ll do nefarious things like change bank account details for invoices due and even speak to your customers! I’ve also seen scattergun attacks, we’ve all received these type of emails. These attacks are done by the less able hackers, the ones who are starting out and affectionately known in the industry as ‘script kiddies’. If you can stay alert and develop a sense for what doesn’t look quite right and question what you see, you’re less likely to fall foul to an attack.
- Save Files! I may have repurposed some of these bullet points – but yes, if you Stay Alert, Control the Malware – you’ll undoubtedly save your files, or at the very least stop your data leaking elsewhere and being used against you, your company or even the people you communicate with. Just as the UK Government is currently using the message of Stay Alert, Control the Virus, Save Lives – cyber hygiene is very similar to real-world hygiene for the pandemic.
There are always people who can help
Even if you now work from home, Jeff the guy who works with you is probably still available on the phone or Teams and the like. You’ll also have a team of (sometimes friendly) IT people who have your back. If you’re not sure of something and just want to get an expert check it out. I’d highly recommend you do so. Believe me, when I get asked, I always point out what to look for so that the person can learn and see what I see in a phishing attack.
Whilst at Unleashed, we don’t yet employ anyone called Jeff, we do know about business IT systems and cybersecurity. We’re always here for a chat so please feel free to contact us.