The National Cyber Security Centre gives some clear tactics which private individuals can use to mitigate cyber threats:
+ Use a strong and separate password for your email
+ Create strong passwords using three random words
+ Save your passwords in your browser
+ Turn on two-factor authentication (2FA)
+ Update your devices
+ Backup your data
For SMEs, their advice is far more comprehensive and includes:
+ Password management
+ Backing up data
+ Having active cyber defence
+ Training of employees
+ Operational security
+ The use of encryption
+ Penetration testing
The Human Element
I like the following quote:
“Companies spend millions of dollars on firewalls and secure access devices, and it’s money wasted because none of these measures address the weakest link in the security chain: the people who use, administer and operate computer systems.” Kevin Mitnick
Ultimately, any cybersecurity strategy relies on the human element. With WFH prevalent, the human element is arguably far more important than ever before. A remote worker may be more of a risk to an organisation if they are not in as regular communication with an I.T. support team as they were before, or are not receiving regular training.
The Rise of Social Engineering Attacks?
With workers, in many cases, experiencing less frequent communication than before, it is likely that social engineering attacks will rise in the new home-working environment (which is far less ‘controlled’ than, e.g., a corporate office). Social engineering relies on the attacker gaining the victim’s trust. For this reason, basic security measures can mitigate this risk, such as paying attention to emails, being wary of attachments and links, and being cautious of any urgent requests involving money.
A notable example:
Shark Tank television judge Barbara Corcoran was tricked in a nearly $400,000 phishing and social engineering scam in 2020, according to CNN. A cybercriminal impersonated her assistant and sent an email to the bookkeeper requesting a renewal payment related to real estate investments. He used an email address similar to the legitimate one. The fraud was only discovered after the bookkeeper sent an email to the assistant’s correct address asking about the transaction.
New attack vectors and new ways of working will increase the need for cybersecurity professionals able to rise to the challenge.