Guarding against common cyber attacks while working from home

As insidious as it sounds, there are people who use disasters and crises as opportunities to seek financial gain with complete ethical disregard.

There is considerable evidence pointing to a sharp increase in cyber attacks globally and in Singapore that use Covid-19 as a hook to elicit ill-gotten gains.

For instance, my colleagues from global cyber threat intelligence outfit Unit 42 found that from Jan 1 to March 31, there were over 116,000 newly registered domain names that contain words such as “Covid”, “virus” and “corona”.

More than 2,000 of them were found to be malicious, targetting unsuspecting visitors at a time when real-time information about the disease is highly sought after.

We are more susceptible to cyber threats at home as security tends to be more tightly controlled in the office. So how can you guard against common cyber attack methods while working remotely? Here are eight ways you can protect yourself:

ONLINE SEARCHES

Remember those 116,000 new domain names? Cyber criminals have been found to leverage online search terms by placing links to malware-distributing or ad-filled websites in web searches and social media results.

As a precaution, enable the website filtering function on your anti-virus software and stick to trusted media publications when searching for the latest Covid-19 updates.

GAMING

If you live with your family, there is a likelihood that devices are shared, and if so, the same device being used to access secure company servers could be used for personal activities such as gaming.

Since the implementation of circuit breaker measures, traffic to online gaming sites and applications has increased significantly, as more people turn to games to pass the time.

Criminals often pepper third party sites with malware-infected apps, so make sure to download games only from verified sources such as Google Play and App Store.

VIDEO CONFERENCING

Video conferencing cyber attacks such as “Zoombombing”, malicious chat links and unauthorised attendees can be easily prevented with a few simple steps. These include enabling passwords, reviewing privacy settings, turning on notifications for new participants and disabling the “join before host” function.

Regardless of which video conferencing tool you choose to use, ensure that you are using the latest version and all the security features that are available to you.

When holding virtual gatherings with family and friends, it’s best to use your personal smartphone or laptop. Try to avoid mixing work and play on the same device if possible.

INTERNET OF THINGS

Internet of Things devices such as smart home appliances have become more common in our homes, but we often overlook the cyber-security risks they introduce.

Your smart television or refrigerator could very well be the entry point for cyber criminals to infiltrate your home network, especially since many of these appliances do not adhere to any universal security standards.

Hence, it is imperative that you change the default password settings upon purchasing such devices. It may seem like a bother, but it could prevent incidents like having your smart refrigerator turned off remotely or racking up bills from unauthorised subscriptions to on-demand TV services.

VIRTUAL PRIVATE NETWORKS

Conversations around security for remote working have largely been focused on business continuity, but little has been said about the risks of connecting to the enterprise network from home.

Can you recall when you last updated the firmware on your home router, if ever? Many of us often overlook the importance of keeping our routers updated, which makes them vulnerable to security risks.

Cultivating the habit to install the latest updates and changing the default passwords on your home router will optimise its performance in addition to the enhanced security benefits.

PHISHING

Phishing remains one of the most popular methods for cyber criminals to steal information in Singapore and this remains true even in the face of a pandemic.

My cyber threat intelligence colleagues have observed a surge in the number of phishing messages baiting people to click on malware links under the pretence of providing Covid-19 updates.

Always access your work email via a corporate firewall and be wary of anything that is being offered for free, whether through email, messaging apps, or social media. Be sure to think before you click as cyber attackers will always be on the prowl.

ONLINE SCAMS

The demand for face masks and santisers are at an all-time high so while it may be tempting to take advantage of flash deals, be cautious of bargains that seem too good to be true. Stick to the golden rule of online shopping and buy only from trusted retailers and platforms. 

Scammers are also taking advantage of those seeking to do good during this time of crisis so you may want to make sure that your donations, be it funds or supplies, go to registered charities that are listed on the Charity Portal run by the Commissioner of Charities.

CLOUD

It is vital that cyber-security measures extend to the cloud as it is a core component of the software we use for our daily work tasks.

Check with your IT colleagues to ensure that your corporate firewall infrastructure leverages threat intelligence to monitor all traffic coming in and out of the network. This will add another layer of protection for your home devices whenever you access the corporate network remotely.

Scammers never sleep. Their modus operandi is to search, select, and scam targets all day and a crisis of this scale is an opportunity for them to cause even more damage.

Relying on technology is one way we can combat cyber criminals, but cyber security is a shared responsibility.

This pandemic has made us even more dependent on technology to stay connected, emphasising the need for everyone to be aware of cyber-security best practices. We all have a role to play so let’s ensure that we stay smart while working from home.

ABOUT THE AUTHOR:

Teong Eng Guan is Vice President, Asean, at Palo Alto Networks, a cyber security company. Unit 42 is its cyber threat intelligence arm.