In August, there will be a higher number of remote and home workers throughout London and the south. These times are prime time for hackers to follow the movements of your business - when more employees take holidays or work at different locations, and your business has fewer resources to handle an attack.
A Cyber Security Summer School study (1) showed hackers use public information to tailor their attack to your company and look for potential vulnerabilities, such as:
- Who are your board of directors?
- What industry events are in your calendar?
- Are employees likely to be on holiday at the moment?
- What employee contact information is available?
- And this August, how many of your employees are working from home or working remotely?
"Fewer trains will be arriving and departing at Waterloo, and some stations will close entirely. This is why we’re asking passengers to check how they will be affected now so that they can plan ahead, either by planning to travel at different times of day or working from home on some days during the works." - Becky Lumlock, route managing director of Network Rail.
And hackers know this, too.
So how can your business take extra cyber security measures this August?
Without proper policies and regular training to spot the signs and patterns of a malicious masquerade, employees become the unintentional insider threat.
The best cyber security can’t protect your network if employees are tricked into running a virus via links and downloads from innocuous emails or other sharing tools. There’s a bigger capacity for human error when rushing to deadlines and meetings during commuter chaos.
4 questions for your remote and home workers this summer
1 - Is your WiFi secure?
Hackers often set up WiFi networks with names impersonating businesses, e.g. the cafe you are working in. Once you are signed up, they will be watching and logging the data and passwords you enter. To be safe, if you use public WiFi, don’t access confidential business data. For an extra layer of security, ensure your emails, voicemails and WiFi phone systems are encrypted.
WiFi provided by real businesses is still vulnerable to attack. For example, in hotels, Wired magazine (2) found a vulnerability in WiFi routers allowing attackers to distribute malware, monitor and record data sent over the network, and even access hotel reservation and keycard systems on cloud-based solutions. Also, check the terms and conditions of public WiFi - to make sure you don’t have to clean public toilets. How freely would you or your employees sign up for WiFi whose terms include a clause, written by hackers, claiming your data and passwords?
Company policy takeaway: Employees should not access any business critical information over any WiFi network that is not owned by your own business or not a corporate VPN.
2 - Is your password secure?
Ensure employees know the criteria for, and set, strong passwords. Criteria for good passwords include long passwords with multiple character types, unique passwords for different systems, no duplication of passwords across work and personal accounts and devices, and a two-step authentication process. Good passwords and two-step authentication for accessing or transferring documents that can be traced back to work or that contain sensitive information will protect your devices and systems if your mobile, tablet or laptop devices are stolen or lost and fall into the hands of hackers.
Company policy takeaway: Employees should follow strong password criteria for business systems, including access to any device they use for work. Your business can set up systems to force employees to reset their passwords regularly and apply strict criteria.
3 - Is your device secure?
While employees need to keep devices with them and in sight at all times, preventative measures are needed in case devices are lost or stolen. Full disk encryption is the best defence for laptops; combine it with strong passwords so that devices are useless if they fall into the hands of hackers. Don’t save information on the device itself (e.g. on the desktop) and always back up information in the cloud.
Company policy takeaway: Employees who work from home or remotely should use secured company devices to access business data, and password and/or encryption measures should be mandatory on all personal devices used for business, or access to business data should be restricted.
4 - Is your location secure?
The top high-risk venues for businesses were cafes and coffee shops, followed by airports, hotels, exhibition and conference centres and airplanes, according to the latest iPass report (3).
In these public places, employees need to check the people around them and the visibility of their screen, because security could be compromised by one discreet photo of the company’s sensitive information or logins.
Company policy takeaway: Employees should ensure passwords are not seen, screens are not visible and WiFi connection is legitimate when working in public places such as cafes, hotels and airports, and should be vigilant in busy areas.
Does your business have more employees working at home or remotely this August?
1. Cyber Security Summer School 2017: Social Engineering Capture the Flag. July 2017. http://www.studyitin.ee/c3s2017
2. "Big Vulnerability in hotel Wi-Fi router puts guests at risk", Wired magazine. March 2015. https://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/
3. iPass Mobile Security Report 2017. https://www.ipass.com/research/ipass-mobile-security-report-2017/