Because business customers hadn’t predicted that working from home would become ‘the new normal’ this year, many haven’t yet invested in relevant security tools and strategies, according to MDaemon Technologies (formerly Alt-N).
Brad Wyro, technical marketing specialist for MDaemon, has noted that a Bay Leaf Digital survey reports that 65% of newly remote employees are now using company devices from their homes.
“Not everyone recognises the security risks these numbers represent, both for employees and the companies they work for. Companies across North America have reported a 93% increase in cyberattacks in the past 12 months as hackers attempt to exploit widespread fear and uncertainty,” Wyro wrote.
At the same time, 42% are suffering from access problems, such as unstable systems, problems connecting to remote desktops, poor VPN services, and more, according to the same survey.
Employees working from home may in fact be specifically targeted, as they may be using less secure technologies and practices on their personal computers and other household devices, Wyro suggests.
Companies like TransUnion have suggested that phishing has targeted about 27% of consumers worldwide during the pandemic — typically collecting personal data. And of course, data breaches continue to cost businesses of all sizes money, time and other resources.
Wyro said attacks often happen while reading or managing email and that 2020 has so far been a “banner year” for cybercriminal attacks. Yet because many companies expected the transition to working from home to be temporary, they failed to invest in this aspect.
“According to Bay Leaf Digital, nearly 80% of senior management diverted less than 20% of budget to support the transition. This failure to plan — or at least to proactively patch — is likely part of the reason why hackers are enjoying such success,” said Wyro in a follow-up post here.
The work-from-home trend is now expected to stretch through 2021 at the least, he added, noting that in the Bay Leaf survey, 70% of respondents said they actually want to work from home more than half of the time.
“The time for securing email and other systems so employees can safely work remotely is no later than right now,” wrote Wyro.
Employees must stay on the lookout for attempts to bypass security measures, which means a focus on ongoing user training. They should know about common scams such as business email compromise.
Other warning signals include asking for macros enabled, personal or banking details, business information or shipment details. Poorly written emails with spelling errors or incomplete greetings can also be a sign.
Users should be trained to “think twice about and check three times” before downloading any files or clicking any links, even in expected messages like shipping or payment confirmations.
“Of the email-based cons, phishing for unwary responses is the quickest and easiest; if one simple phishing email produces results by even the most miniscule standards, it still opens new doors for other, more lucrative cons. And all it takes is one employee error to let that con start running in your networks,” Wyro said.
“When in doubt, all employees should pick up a phone and call the email sender for confirmation. Further, if anything about an email looks even slightly off-kilter, don’t hesitate to use the ‘report function to send the email in for further scrutiny.”
Additionally, organisations should work to ensure data privacy and security by requiring strong passwords for email servers, account databases (Active Directory, LDAP, etc) and the like. SSL encryption should be enabled for SMTP and HTTP.
“We do not recommend allowing the whitelisting of local email addresses. Messages sent to any whitelisted address could bypass many ecurity settings and put your server at risk of being blacklisted,” he warned.
Institute safeguards like multi-factor authentication and endpoint protection, detection and response tools. Require remote employees to configure their email clients to send email over a secure, encrypted connection using port 587 instead of port 25, which does not use SSL. Behavioural screening features (like MDaemon’s) can detect password guesses or hacking attempts.
Unauthorised access should be prevented by requiring SMTP authentication, with SMTP sessions only honoured if they come from an IP address known to belong to a listed domain. Inbound SMTP and HTTP connections should be blocked from countries in which the organisation has no legitimate business interests.
Suspicious activity — such as multiple authentication failures or a large number of connections in a given timeframe — should also be blocked, he said.
“Keeping up with this level of detail can be difficult for small and midsize businesses – especially when the threats evolve nearly every day. That’s why so many businesses turn to a third-party email security provider like MDaemon Technologies,” Wyro said.