Hackers Are Targeting Remote Workers To Steal Company Data
According to PRNewsWire FBI tracking cybercrime has seen a 400% increase in cybercrime complaints. In 2020 this resulted in losses globally of over one trillion dollars. Unfortunately, prosecuting these criminals is almost impossible and the key is to AVOID cybercrime and ensuring that sensitive files are secure. These threats and breaches have become more of an issue with employees working remotely.
Remote access and working from home have many advantages but also some major cautions that must be observed. Here are some threats that exist with remote working.
It attacks your computer by encrypting data and then demanding money to obtain the “key” to unlock the data and be able to use it. Generally, the hackers are abiding by the unlocking since if they didn’t, ransoms wouldn’t be paid. This hack has caused huge problems for government agencies, hospitals, and large and small corporations. One hospital was hacked locking up all patient files, causing problems with patient care and resulting in one patient’s death.
Unless your remote workers are using company-issued hardware with assigned company software, you may not be completely protected against ransomware. And even if hardware and software are up-to-date and provided by the organization, it is still no guarantee of safety.
During the pandemic, 33% of data breaches involved social engineering scams with 90% being phishing exercises. Working remotely, particularly from home generally creates a more relaxed atmosphere where employees are less likely to be “on guard” and more accepting of phishing emails or scareware or interesting inquiries that could result in unauthorized access to organization files. One way to prevent this is to limit employees to a specific privilege. In this way, even if they are hacked, cybercriminals may obtain their credentials, they would not gain access to the entire system.
Use of Third Party Software
Statistically, in the US the top 30 e-retailers have connections with 1,131 third-party software resources each, and a quarter of those connections may have at least one critical vulnerability. If any one of the connections within this web is infiltrated, it provides hackers a path to other domains. A breach involving a third party may cost as much as $4.29 million.
A Distributed Denial of Service attack is an attempt to make a server or a network resource unavailable to users. This can result in customers, clients, or other company users being unavailable to access your system. Using multiple connected devices which are often linked by the use of a botnet or occasionally by individuals who have coordinated their activity a DDoS can halt your business practices or allow intruders to gain access. DDoS attacks are generally a second wave attack after an initial hack has infiltrated at least one device.
Cloud Computing & Storage
Cloud computing and storage are almost a necessity when using remote workers and the use is growing very quickly. Hackers have noticed this growth and work diligently at exploiting any vulnerability in the cloud application. All cloud computing/storage offerings are not the same. In one financial quarter of 2020, hackers executed 7.5 million attacks on cloud user’s accounts. Criminals, often using artificial intelligence (AI) constantly scan servers, looking for unpatched systems, weak or no passwords, or any vulnerability providing access.
Hackers will plant ransomware to lock files or steal secure information. This hack can then affect all the organizations using that cloud service. It is imperative that the credentials of the cloud service be thoroughly investigated before contracting for their use.
The pandemic created an atmosphere where organizations needed to either lockdown completely or quickly switch to a remote working environment. This, in many cases, compromised the security of the IT infrastructure. Many in-house IT groups were not prepared for widespread use of remote access which limited their preparedness for security protocols.
Now that the pandemic constraints are beginning to lighten, it is time to review security practices and tighten things up since although the pandemic may be over, remote working is now becoming a normal practice. Cybercrime will continue to grow as it has become very lucrative for hackers with a minimum of capital expense. For this reason, many organization leaders have stated that they will spend much of their coming IT budgets on tightening up security and developing strong policies on threat response reaction. These policies will then need to be communicated to all employees accessing their network.
Cybercriminals are getting better every day. Security is not just the job of the IT staff. Make sure EVERYONE is aware of the potential threats, especially those still working remotely.
Call a 10X Consulting Group team member at 704-931-1056 or visit us online at https://www.10xcg.com/ and let us help you review your IT security platforms for remote workers to ensure your company is protected against these vulnerabilities.