The New Normal of distributed work means people, who may have worked from their offices are now accessing sensitive data and critical systems on their phones and laptops from remote locations. We know individuals’ networks and devices are more vulnerable to cyber-attacks which are directed at stealing their data and snooping into their online accounts, to either defraud them or engage in identity theft.
How Likely is Your Computer can be Hacked?
Well, it depends on many factors. What software is it running? Have they been updated? What network it is connected to? How many other computers, gadgets, and IoT devices connected to it? Are they secure? Probably not! Security’s visibility into the endpoint is limited to when it’s connected to the corporate network.
Outside of that, they are in the dark. We should work on the assumption that employees will get phished and the endpoint will get compromised. Deception can play an important role in directing attacks away from critical assets and toward traps that will alert security of malicious activity.
Here are the common types of cyber-attacks that aiming towards remote workers and potentially preventive tips.
1. Phishing Attacks:
Phishing attacks leverage emails and social media messages to trick internet users into downloading malicious attachments or clicking on links that forward them to a website that is designed to steal user’s data such as credit card information and login credentials.
“These kinds of attacks play on people’s emotions to make them act quickly and without thinking, so if an email makes you feel scared or excited it is possible that you are being attacked. Remember that if something is too good to be true, it likely is – so think twice before clicking on links or providing personal information or card details to any incoming messages” says Ray Walsh, VPN expert from Proprivacy.
Cloned websites are designed to look like the real thing, and if users stumble across them, they may not notice and enter their credentials into login portals or card details into the check-out of an online store. Always look closely at a site’s URL in your browser for signs that it might not be genuine. If anything seems suspicious, leave the site at once.
How to Prevent Phishing Attacks?
As phishing attacks are exclusively aiming to trick users into revealing their sensitive information or stealing money. The only way to prevent this is to provide comprehensive cyber-security awareness or training for employees, users, and individuals.
2. Man-In-The-Middle Attacks:
Man-In-The-Middle (MITM) attacks occur when a malicious user interfere between the connection of two endpoints either observing or manipulate the communication. This could happen in a legitimate network or a fake network that the hacker controls. This can lead to either an active intervention (think of someone impersonating someone you trust) or passive listening (think of someone just hearing what you’re saying).
How to Prevent Man-in-the-Middle attacks?
3. Distributed Denial of Service Attacks (DDoS):
It happens when a bad actor floods the network with so much data that computers cannot process it all at once. This is particularly problematic for websites since they treat everyone who comes in (at least at first) as potentially a real, interested person. Unfortunately, that means they have to examine all requests, and the real request can get lost in the noise. These attacks are often targeted at organizations and governments, etc.
How to Prevent DDoS Attacks?
Websites have added a lot of things to reduce this, including captchas to eliminate bots, blacklisting IP addresses, etc. On networks, the best way to deal with this is by authenticating everyone as trusted and dropping non-trusted.
4. Drive-by Attacks:
Drive-by attacks are the most common method for spreading malicious code over the internet. Often cyber criminals choose un-secured and vulnerable websites and place malicious into It refers to unintentional download and install of malicious code too
A Drive-By attack involves the attacker planting a malicious script on the website. The script can install malware onto the computer when a user visits that website,
How to Prevent Drive-By Attacks?
And this will happen themselves even without the victim clicking anything on the site. That is why it is essential to use an antivirus program with active, real-time scanning that prevents any malware from being downloaded.
5. Malware and Ransomware Attacks:
Malware is an application designed to interrupt the regular operations of all gadgets whether they are smartphones, desktops, or servers. There are various types of malware including spyware, ransomware, trojan, worms, etc. This malevolent application subsequently gets hold of the device and begins tracing the whole thing – it starts catching keystrokes, installing destructive software, pilfering important data from the gadget, and encrypting it to claim a payoff.
“A Trojan Horse is malware that appears useful and tricks the user to install it. Trojan horses are the most dangerous type of malware, as they are often designed to steal financial information” says Veronica Miller, cybersecurity analyst from VPN overview.
A Ransomware is a type of malware that (infects computers and spreads over the network devices) and disables a computer, then asks the user for money (the ransom) to unlock it. If such software disables your computer (normally by encrypting key files with a secret password), then you have no choice but to either pay the ransom (which often doesn’t work) or restore your computer from a backup.
How to Prevent Malware and Ransomware Attacks?
The only way to prevent malware and ransomware attacks is by implementing good anti-virus software, setting up a strong firewall, and regular back-ups. “But, you can mitigate the damage by “micro-segmenting” your network. This makes each computer have very limited connections to other computers. It then prevents those installed malware programs from spreading to other computers,” says Johnathan Mell from Q-Net Security.
6. Password Attacks:
Password attacks are the most common attacks to sneak into someone’s social and online accounts. The attacker leverage the hacking methods including directory, brute force, keylogger, MITM & social engineering attacks to find the user credentials. This will clear the way for hackers to gain access to critical resources and lead to a sensitive data breach.
How to Prevent Password Attacks?
There are a couple of things to do to prevent password attacks. Starting from the basics – avoiding public hotspots, configuring 2FA/MFA authentication, enforcing strong passphrases, and avoiding the same password for multiple accounts.
Good internet hygiene, browsing only secured websites (always checking for the padlock icon before the URL), using a VPN and HTTPS everywhere plug-ins will give you an extra layer of security.
Despite all the technicals, a basic awareness of cyber-crimes and cyber-security training for remote-workers will strengthen all the efforts towards securing your business. Investing in multi-layered security, robust backup, recovery systems, make sure every device has anti-virus software installed, and ensuring complicated passwords with regular changes for all employees are some of the basic things to focus on in 2021.