Has a remote workforce created new feeding ground for cybercriminals?
According to a February U.S. News and World report nearly 56% of Americans are still working from home in response to the coronavirus pandemic.
Keeping business information and data locked down, being aware of the pitfalls of data security while working from home or remotely and keeping pace with prevention technology should be a top priority for business leadership – and their employees.
“It’s a wild west you don’t see,” said Steven P “Mac” McKeon, president and CEO of MacguyverTech based in Glenolden, Delaware County, Pennsylvannia.
Because there is no “playbook,” McKeon said active cyber criminals and their systems are meant to tear economies down – from private citizens to business and commerce and governments. “It’s an active way of thinking,” he said.
The rapid rise of ransomware attacks in particular since the pandemic began last March has made cyber security breaches – and the hackers behind them – even more dangerous. Ransomware holds data or information hostage until the victim pays for the stolen or locked data to be released.
“We’ve seen an explosion of ransomware and the perpetrators are getting even more sophisticated,” said Daniel Lopresti, professor of computer science and engineering at Lehigh University in Bethlehem, Pennsylvannia.
He said the most chilling aspect of the latest crop of ransomware hacks is how the “evil” side of the digital equation has evolved to become a “cottage,” industry-like business.
“Companies make a living providing services to would-be hackers,” Lopresti said.
Those offering ransomware to “newbies” entering the dark cyber realm provide the technology and the services. That means newcomers with no tech experience or savvy can approach hacking as an entrepreneurial start-up.
“They [the hacking service companies] actually show [clients] how to use bitcoin, which uses blockchain to monetize payments, and they provide other services, too,” Lopresti said.
Blockchain technology could become the next effective tool in making legitimate cyber activity more secure – which would protect those working in remote or home office environments, according to McKeon.
“You can think of a business process or a problem, and it’s already in blockchain,” he said.
Blockchain is a database upon which pieces or “blocks” of data or information are linked or “chained” together, creating a linear, or time-structured storage unit. McKeon said the use of blockchain in security networks can create a highly secure environment that is more resilient against hacking or becoming compromised.
Sophisticated criminal command centers looking for any available entry route to break into a company’s data infrastructure by exploiting its weakest link. Blockchain databases would create a more difficult entry point.
“It’s different now… it’s cyber warfare,” McKeon said.
Those using a home network to also conduct business are likely ill prepared to rebuff the newest or next level of sophisticated cybercriminal attacks.
Those home or remote network VPNs, or virtual private networks, available to most employees working from a home have the potential to create a “tunnel” for hackers to enter a corporate network.
Using a layered approach to security, changing VPN credentials often, changing passwords and authentication steps often, are among the best defense from cyber attacks.
“If it’s too difficult the hackers won’t be interested, they’ll move on. They really want the low-hanging fruit,” McKeon said.
Rob Baker president and CEO of Christmas City Studio in Bethlehem Township said cyber security has always been a top priority at his firm.
Christmas City is a photography business partner to area school districts. Keeping the private information of thousands of minor children safe creates a mission to maintain the highest level of cyber security.
Christmas City Baker leases server space and does not own or maintain its own hardware. Leased servers allow his business to easily keep pace with the latest encryption enhancements.
It’s also meant anyone working remotely has the same access to highly secure information and processing services as if they were in the office.
Don’t wait until it breaks
Scott Gingold said remote worker challenges and cyber security risks have been amplified by the significant exodus of a remote workforce. Gingold, president and chief visionary officer of Lehigh Valley Technology in Hanover Township, Northampton County, says companies can no longer afford the “when it breaks I’ll replace it” mentality.
Having a consistent replenishment or lifecycle equipment management plan can help a company keep pace with technology and software upgrades.
For every 10 computers or laptops a business uses, Gingold recommends planning to replace 2 or 3 units a year on an ongoing basis.
“Get over the mentality of replacing it when it breaks or dies,” he said.
As previous disasters have proven – from floods and devastating storms to electric power failures, a business continuity or disaster plan should be an essential part of any business operating plan – and should include cyber security.
He recommends such business housekeeping details as maintaining current OS or operation systems on devices used for company business; being proactive and buying protective systems for home office equipment and issuing company owned laptops for employees working from home to use.
Keep communication open and frequent. Start a survey of remote workers to understand what kinds of technology they need to work from home productively, comfortably, safely and effectively.
Sandra Kuhns felt her company was prepared to work remotely when the pandemic forced businesses to close in March, 2020.
With project files already digitized, Kuhns, president of K & H Custom Window Treatments in Trexlertown, said the work from home migration was efficient and relatively painless. K & H provides services to new construction and commercial renovation customers for window treatments and installation. But the preparation and hard work didn’t prevent K & H from suffering a data breach.
With her official email address hacked a fraudulent invoice was written, processed and paid out.
“Fortunately a second fraudulent invoice attempt was shut down,” Kuhns said.
While the breach caused a loss she said everyone is more cognizant of hacking potentials, especially via email. Tightening invoice processing and payments aims to make future problems less likely.
Kuhns believed the breach was at least partly caused by less frequent in-person contact because working remotely.
“We lost communication, and even though we tried to have weekly Microsoft Teams meetings, there were multiple things we didn’t have because we were not in the office,” she said.
Gingold said security awareness training is imperative for all workers, maybe more important for those working remotely.
Creating a culture where employees feel safe and are quick to report making mistakes – without any fear of punishment, shaming or repercussions is another asset in the fight against cyber crime.
“If an employee clicks on something they shouldn’t have, are they able to report it immediately without recourse,” Gingold said. “We’re at a place now where people have to think, what’s next.”