Since the COVID-19 outbreak started, millions of people worldwide have been forced to leave their offices and work from home. Along with this, we see more people talking about the cybersecurity risks of working from home.
The issue here is that your computer is normally protected by a safe and reliable server in an office. However, working from home reduces your protection significantly. Data theft and network hacking are just examples of cyber attacks that could have a devastating impact on your company.
In this article, we explain some of the greatest cybersecurity risks and how you can protect yourself from these risks. If you have any comments or input, feel free to drop a message below.
Cybersecurity Risks
Let’s start by reviewing some of the most common cybersecurity risks. If you work from home instead of an office, these threats can become imminent and should be taken seriously.
Phishing
Phishing is a common cybersecurity attack in which people try to get personal information by using deceptive websites and emails. In short, by using disguised emails, attackers can trick you into believing that the email or message is something you need or want.
Examples can be requests from a bank or from a person in your company. When you download an attachment or press a link, you might lose valuable data and/or money.
According to the FBI’s Internet Crime Complaint Center, people have reported that they’ve lost USD 57 million due to phishing schemes in a year alone. These are substantial numbers.
Common phishing emails typically:
- Say they’ve seen log-in attempts or other suspicious activity
- Claim you have a problem with your payment information or your account
- Say you have to provide some personal information
- Include fake invoices
- Ask you to click on links to make payments
- Say you’re eligible to register for a government refund
- Others
Ransomware
Ransomware infects your computer and displays messages asking for money to make your system work again. It’s malicious software that can be installed via deceptive links in emails, on websites, or in instant messages. It’s dangerous in the sense that it can encrypt important existing files with passwords, or lock computer screens.
Recently, we’ve seen multinational companies with thousands of employees fall victim to ransomware, where they are told to pay around USD 300 in bitcoins. Otherwise, they won’t be able to use their computers.
Multinational companies are often time-sensitive, and the cost of paying the bitcoins can be lower than the cost of the time lost.
Russia reported the first cases of ransomware in 2005, but we’ve seen many cases popping up since.
So how is ransomware spread? In most cases, ransomware is sent in an email that seems legitimate. In the email, you’re often encouraged to download a file or click a link that will infect your computer. Ransomware can also be delivered via drive-by download on malicious websites.
Many ransomware attacks are sophisticated and can resemble emails from Apple, for example, where they ask you to unlock your account. There’s been a great increase in ransomware attacks, and the FBI has reported that more than USD 1 billion was paid in ransoms in 2016.
Network Hacking
Hacking is a serious issue that has increased tremendously over the years. In short, hackers attempt to exploit private networks or computer systems to take control of them. Interestingly, hackers are categorized into three kinds: black hat hackers, white hat hackers, and grey hat hackers.
In general, black hat hackers are the worst as they want to hack your computer for personal gain. They might steal, destroy, or prevent you from using your system. This can be done by finding weaknesses in computer systems and loopholes they can break.
White hat hackers, on the other hand, hack to find flaws to make their security systems more secure.
Finally, grey hat hackers are in between the two, as they inform the network admin about the breach and the weaknesses found. With that said, all kinds of hacking activities are illegal, including white hat and grey hat hacking.
Worth mentioning is that to be a hacker you need to be able to work with mathematics and numbers. This is essential and you have to review much data, code, and algorithms. Thus, not everyone can be a hacker as you need both computer skills and good mathematical skills.
Besides, you need to have patience as the hacks require a lot of time and are often complex.
Spoofing Attack
Spoofing refers to a scenario where a program or person identifies itself using false data to gain an advantage. In short, an unknown source might be presented as a known and trusted source.
So what kinds of spoofing exist? In total, there are five different types of spoofing: Email Spoofing, Caller ID Spoofing, Website Spoofing, IP Spoofing, ARP Spoofing, and DNS Server Spoofing. Let me explain two of them.
Email Spoofing: Email Spoofing refers to a situation where an attacker tricks the recipient into believing that the email comes from a trusted source. Usually, the emails include attachments that are infected with malware or links to malicious websites. They can also convince recipients to provide certain information.
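One way to check a received message for the signs of email spoofing described above. This is an added example, not code from the original article; the sample message, its domains and the trusted server name mx.example.org are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain here is a placeholder.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Example Bank Support" <support@example.com>
Reply-To: accounts@example.net
To: employee@example.org
Subject: Unusual log-in attempt

Please confirm your details.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def authserv_id(header_value):
    """First token of an Authentication-Results header: the server that wrote it."""
    tokens = header_value.split(";", 1)[0].split()
    return tokens[0].lower() if tokens else ""

def spoofing_indicators(raw, trusted_authserv="mx.example.org"):
    """Return a list of reasons the visible From address may not be genuine."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # Exact-match comparison: a weak signal alone, since bulk mailers differ too.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header.lower()}-mismatch")
    # Only trust results stamped by our own mail server; senders can forge the rest.
    results = " ".join(h.lower() for h in msg.get_all("Authentication-Results") or []
                       if authserv_id(h) == trusted_authserv)
    if not results:
        findings.append("no-trusted-authentication-results")
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", results)
        if m and m.group(1) != "pass":
            findings.append(f"{method}-{m.group(1)}")
    return findings
```

A failed DMARC result together with a Reply-To on a different domain is a much stronger signal than a Return-Path mismatch on its own.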
Caller ID Spoofing: With caller ID spoofing, you will see a phone call as coming from a number that is trusted by you or that shows the geographic location of the caller, which builds trust.
The attacker can then claim to be from a bank, for example, and tell you to provide information about yourself over the phone. This is common among frauds in the cryptocurrency industry, for example.
ARP Spoofing: ARP Spoofing is a kind of attack where malicious actors send fake ARP (Address Resolution Protocol) messages over a LAN.
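Fake ARP messages leave traces in a computer's neighbour table, so a defender can look for them there. The following added example (not part of the original article) parses a constructed table in the format printed by the Linux `ip neigh` command; the addresses and the known-good gateway MAC are made-up assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format printed by Linux `ip neigh`; addresses are made up.
NEIGHBOURS = """\
192.168.1.1 dev wlan0 lladdr 02:00:00:aa:bb:23 REACHABLE
192.168.1.23 dev wlan0 lladdr 02:00:00:aa:bb:23 STALE
192.168.1.40 dev wlan0 lladdr 02:00:00:cc:dd:40 REACHABLE
192.168.1.77 dev wlan0  FAILED
"""

ENTRY = re.compile(r"^(\d+\.\d+\.\d+\.\d+) .*\blladdr ([0-9a-f:]{17})\b", re.I)

def parse_neighbours(text):
    """Map each IP address to the MAC address the table currently holds for it."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # entries without a resolved MAC (e.g. FAILED) are skipped
            table[m.group(1)] = m.group(2).lower()
    return table

def arp_anomalies(text, gateway_ip, known_gateway_mac):
    """Flag a changed gateway MAC and any MAC that answers for several IPs."""
    table = parse_neighbours(text)
    findings = []
    seen = table.get(gateway_ip)
    # The known-good MAC must be recorded earlier, on a network you trust.
    if seen and seen != known_gateway_mac.lower():
        findings.append(("gateway-mac-changed", gateway_ip, seen))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    # One MAC behind several IPs can be legitimate (multi-address routers),
    # so treat this as a lead to investigate, not as proof.
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("mac-shared", mac, sorted(ips)))
    return findings
```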
How can I protect myself from cybersecurity attacks?
As more and more people have started to work from home, you must take measures and protect your computer and assets. You can do this in a simple way that I will explain more about below.
Use a VPN
Many people have rushed to their homes without taking precautions. Unless your company already provides a VPN, you should consult with your IT department or CIO and download a VPN as soon as possible.
VPN stands for Virtual Private Network and helps you to surf the net more freely, in a secure and encrypted connection. If you use a VPN, other people cannot spy on you and the VPN also prevents them from hacking your computer. Besides, they cannot see any data or messages.
VPNs are not only useful during the COVID-19 crisis, but offer protection wherever you go. Keep in mind that if you visit China, you cannot visit dozens of foreign websites due to the infamous Great Wall.
There are plenty of VPNs available for reasonable pricing. If you want more information, you can read our separate article (see link above) where we list some of the top VPNs. If you want help to download and get started with a VPN, you can also check this article.
BitLocker
BitLocker is a useful tool that protects your computer in case it’s stolen or lost. As millions of people bring their laptops home and to cafes nowadays, this is something you should be aware of.
So how does BitLocker work? BitLocker adds an extra layer of security for access to your laptop by encrypting the information on the local hard disk. BitLocker was released in 2007. It’s also worth mentioning that BitLocker Drive Encryption can only be used on Windows 10 Pro and Windows 10 Enterprise.
Download an antivirus program
If you don’t already have an antivirus program, you should download one as soon as possible. If you don’t want to spend an excessive amount of money, there are even free versions out there. One antivirus program that’s free is Avira.
Check it out by visiting this website. As you can see, with almost 20,000 reviews, Avira has a rating of 4.5, which speaks for itself.
Close/bring your laptop if left unattended
This is probably a no-brainer to some, but you should close and/or bring your laptop when visiting the toilet in public places, for example. This is one of the easiest measures to take to prevent people from hacking your computer.
Change your router login and password
A recommended option is to change the password and login information on your router. This should be done from day one. The reason is that the standard passwords for many routers are weak.
Attackers write these standard passwords into the code of malicious programs, which can then turn the router into a bot. Besides, they can spy on you as they can see what you send online.
Update operating systems and programs
Cybercriminals often target people who are lazy and rarely update operating systems and programs. Thus, it’s important that you update everything that is installed on your devices frequently, especially if it’s used for work.
Be vigilant
Cybercriminals keep getting better at creating convincing messages and requests, which is why you have to stay vigilant. If someone asks for documents or payments, read the email carefully and preferably confirm with the person by phone.
Be careful when clicking on links in emails (read more about phishing above).