Join us for the Human Behavior Conference on Oct. 30th
According to Workplace, in 2019, “60% of remote-capable employees spent their week working fully on-site, whereas that figure has fallen to just 20% in 2023.” Additionally, hybrid work has increased significantly, and is on the way to becoming the most prevalent work arrangement in most offices. The COVID-19 pandemic had a clear impact on the way businesses function. These effects have lasted over to post-pandemic times. Because of this, it is more important than ever that we consider exactly how our climate has changed, the threats that exist, and what we can do to remain secure in this fast-paced world.
According to a report by Cybersecurity Ventures, “global cybercrime costs…could reach $10.5 trillion per year.” To put this into perspective, “this is more than the profits made by the entire illegal drug trade combined.” Clearly, cybercrime is a huge threat to our companies and families and is only seen to be growing.
Criminal activity on the dark web has also grown exponentially since the pandemic started. Additionally, trends such as malicious actors implementing social engineering techniques have only made their attacks more effective overall. For example, hybrid vishing attacks have been seen more and more. One example of a hybrid vishing attack is when an attacker sends a phishing email that includes a phone number for “technical support.” The target may then call the included number and unknowingly reach a vishing call center manned by malicious threat actors, who then elicit personal or company information. Unfortunately, these are the kinds of attacks we are witnessing day to day.
Since the way we work has evolved over the years, companies can no longer rely solely on their on-site internal technology infrastructure to maintain tight security. This is especially true regarding attacks that utilize social engineering techniques. Rather, companies need to stay up to date on the latest attacks and techniques, then disseminate this information through the proper channels to effectively reach all their employees. While employees are a large target for malicious attackers, they are also the first line of defense for companies. This is why it is so important to continually train and strengthen your human firewall.
Now that we know the importance of remaining secure while working remotely, we need to look at the how. While this topic could be discussed for hours, let’s look at some simple ways you can get started. (For a more in depth look at these tips, please view our blog, here.)
Many devices have the option for automatic updates, which should be enabled if offered. If automatic updates are not offered, you will need to check for updates regularly.
Implementing antivirus software across devices is another simple way to further secure your connected devices. Such programs can perform automatic scans for you and alert you to any potential weaknesses in your system. Choosing an antivirus software for your needs requires a little research but is well worth the time.
To start, it is of key importance to change the factory-set password and username. To assist you with secure, unique passwords and remembering your passwords, we recommend using a password manager.
Enabling multifactor authentication (MFA) is a way to ensure that the only person who has access to your account is you. At its core, MFA is a security enhancement that requires the user to present two pieces of evidence when logging in to an account. It adds an additional layer of security, which makes it harder for attackers to log in as their target.
Sharing on social media may not be the first thing you think about when it comes to keeping your company secure. In reality though, social media platforms can be a major source of information for malicious attackers. If you want to post but are unsure if it is oversharing, you can start by mentally running through the following checklist:
While this is not a comprehensive list of things to avoid posting, it does give you a starting point of things to look out for.
Many security breaches, as noted above, can be traced back to phishing emails. Be sure that you know the sender of the received email, the sender’s address, and that any requests in the email make sense before you even think of clicking on a link or calling a phone number in it.
While working remotely (or possibly even in the office, depending on circumstances), you should always use a virtual private network (VPN) to connect to corporate resources. A VPN creates a private network from a public internet connection. They establish encrypted connections that can keep your data secure. This added layer of security should be a staple in your work security measures.
Since hybrid work and criminal activity has increased over the years, it is more vital now than ever to be on guard. There are many practical ways we can go about this, such as applying the above tips, and becoming familiar with social engineering techniques. If you have already taken these steps, take one more by testing your employees with professional, certified, ethical social engineers. You can learn more about how to do this and what is involved here: https://www.social-engineer.com/managed-services/. We look forward to working with you!
Written by:
Shelby Dacko
Team Coordinator and Human Risk Analyst
In the modern era of technology, the methods of cyber criminals and bad actors alike continue to evolve. The topic of deepfake attacks is becoming more common in the digital
According to Workplace, in 2019, “60% of remote-capable employees spent their week working fully on-site, whereas that figure has fallen to just 20% in 2023.” Additionally, hybrid work has increased
