7 tips to avoid spear phishing attacks for Remote workers

10 April 2020 | App, Authentication, Tips

Charlène Demaret

|

Security experts predict at least a 30–40% increase in cyber attacks during the COVID-19 pandemic as remote working increases

As you know, the crisis and containment situation due to the COVID-19 epidemic has led to an intensification of remote working. Internet privacy and safety are still our priority so we wanted to give you a few tips to help you improve your home working experience.

While digital tools offer excellent support for home workers, switching work patterns on such a massive scale can have serious unexpected implications for cybersecurity. And with home-working becoming the new normal, cybercriminals are redoubling their efforts to take advantage of the widespread panic to intensify their attacks. And they are succeeding, alas.

Apricorn research published last year found that one third of IT decision-makers admitted their organisations had suffered a data breach as a result of remote working. Further, 50 per cent were unable to guarantee that their data was adequately secured when being used by remote workers.

So, are you adequately prepared?

Understanding the risks allows you to better detect the attacks and understand the value of the security measures to apply.

So, to enlighten you on the topic and help you avoid the worst, we’ve listed.

The tips to protect remote workers

The main risks and cyber threats resulting from teleworking:

1- Phishing:

Phishing translates into messages (email, SMS, chat, etc.) aimed to steal information (passwords, personal or bank information) by usurping the identity of a trusted third party. Possible consequences: hacking of professional email accounts, access to the organization’s information systems – intrusion on the company network, ransomware – fraud on false transfer orders.
You can stay aware of the latest phishing hacks on the NCSC government online report: https://www.ncsc.gov.uk/report/weekly-threat-report-3rd-april-2020

This french website developed in collaboration with the ANSSI (The National Cybersecurity Agency of France) allows you to report a scam when you see one: https://www.signal-spam.fr/

2- Ransomware:

Attack consisting in encrypting or preventing access to company data and generally asking for a ransom to free them. This type of attack is more and more often coupled with data theft and destruction of backups.

These attacks are generally made possible by an intrusion into the corporate network, either by remote access, or by compromising an employee’s equipment. Consequence: cessation of business activity, loss of data, etc.

 

3- Data theft:

Attack which consists in accessing the company network to steal data in order to blackmail, or resell the data stolen. Just as ransomware (see above), these attacks are generally possible by intrusion into the network or on the company’s hosted systems via its remote accesses or by compromising an employee’s device.

Consequences: damaging to the activity and damaging to the company’s image.

 

“Computer viruses can spread just as easily as human viruses. Just as you would avoid touching objects and surfaces that are not clean, so should you avoid opening emails from unknown parties or visiting untrusted websites” Says Robert Krug, the antivirus Avast security architect.

Create your @unikname now!

It is essential to secure your wifi connection properly to avoid any intrusion on your network that could be used to attack your business. Use a sufficiently long and complex password and make sure that you are using the encryption of your WPA2 connection. Also remember to update your Internet router regularly by restarting it or via its administration interface.

According to the actual standard of security, the cryptographic mechanisms impose a password to be a minimum key size of 100 bits to be secure (for example : a minimum of 16 characters in a 90 symbols symbols set). The number of bits define the “strength” of a password. Have a look at : https://www.ssi.gouv.fr/administration/precautions-elementaires/calculer-la-force-dun-mot-de-passe/

It is surely counter-intuitive having to choose a password this long, but unfortunately necessary in these trouble times since the number of router hijacking attacks are increasing constantly. We also recommend you to use the WPA2 protocol or a secure wired connection (Ethernet).

Especially when it comes to communications and sharing files and documents. Don’t send company information across personal email or social network accounts — no matter how tempting that might be.

This could generate security faults and could be detrimental to your business.

Strengthen the security of your passwords: Use sufficiently long, complex and different passwords on all the equipment and services you access, whether personal or professional.

The majority of attacks are caused by overly simple or reused passwords. For prevention, change them and activate double authentication whenever possible.
Even better that having to secure your passwords is using a passwordless solution or a strong authentication and decentralized solution like Unikname Connect.

Be more vigilant about scam messages and emails, do not click on suspicious attachments or links.
As listed above, you could be exposed to an attempt of phishing, to a virus hidden in the attachment or any other inventive scam. If you are suspicious follow up with a phone call or a message sent via other means. Simultaneously, avoid COVID19 hoax messages. Lots of messages about the spread of Covid19 are being used to spread malware.

“The most effective phishing attacks play on emotions and concerns, and that coupled with the thirst for urgent information around coronavirus makes these messages hard to resist” says Luke Vile, a cybersecurity expert at PA Consulting.

Backup is the only way to find your data in the event of cyberattacks. But also in case of system failure or data loss. If you have the possibility to do so, regularly save your work on the company network. But also somewhere external to your equipment (USB key or external disk). Don’t forget to disconnect and unplug your external device from your machine once the backup is done.

Check that all your connected equipment (PC, phones, tablets, etc.) is safely protected with an antivirus that is up to date. Also it’s best if you regularly perform a complete analysis (scan) of your equipment.

Especially on your professional equipment. Have responsible and vigilant use of your professional equipment and professional access. If you use your personal devices when working remotely, be aware that your personal activities can somehow be risky for your business, therefore be focus and cautious.

You should avoid as much as possible using social login solutions especially when authenticating on your professional platforms. For multiple reasons that you probably already know : Lack of privacy, professional and economic spying, lack of resilience (what if your social account get suspended?), lack of security (how many times web giants has been hacked?) etc.

The ideal alternative to social login is Unikname Connect. Our decentralized and strong authentication solution answers to the issue of credential theft and phishing hacks. In addition, Unikname Connect is also respectful to user’s privacy since it doesn’t store any data.

While this doesn’t wrap the full list of security concerns to keep in mind in situations like these. The primary security tips stated above should help you remote working in the best way and be safe at home.

Unikname Connect, the Confidential and Secure user connection

Protect your business and attract more users.

Follow us!