More companies than ever have shifted to a remote workforce. That means communication typically done inside a secure corporate network is now being done at home—the perfect scenario for hackers to exploit weak points in a business’s communications protocol and access sensitive data. With that in mind, let’s look at how you and your customers can leverage remote work, boost cybersecurity and ensure fraud prevention while minimizing the risk of cyberthreats.
Your awareness is key
The threat hacking poses to all remote work is potentially huge. Hackers will exploit any and every situation they can. From natural disasters to local emergencies, they will craft emails claiming to provide valuable, relevant information regarding current events. Another popular tactic is to send emails posing as a government agency (e.g., the FBI or IRS), commanding users to open the email and click. This is what is known as ‘phishing’ and is a popular hacking method for exploiting the perimeter of your network (your firewall, website, etc.) in order to gain access.
In a phishing scenario, you receive an email that claims to be from a legitimate source, but is designed to trick you into clicking on a link or downloading an attachment as a way of gaining entry. One way to spot a phishing email is to look at the sender: Is this someone you know? Is the email address even from your work email domain? If you’re unsure, don’t click any links or download attachments.
Another wrinkle in phishing attacks: If someone you know (a co-worker or client you work with) gets hacked, the malware then automatically sends you an email from their email address. So, the email will look legitimate because it’s from someone you know, but it still contains malicious links or attachments. How can you spot this other type of phishing email? Look for other signs of strange behavior. Would this person normally insist for you to click a link or download a file? Another sign are emotional appeals urging you to “act now” or else
—this tactic is banking on your instincts to trust the source AND
act to avoid some kind of harm or unwanted outcome.
Watch out for keyloggers
Another popular trend is credential theft via a keylogger. A keylogger is a program that tracks every keystroke you make when you type on your keyboard. Once a keylogger is installed, a hacker can then scan your keystrokes to find out sensitive data, including usernames, passwords, etc. This is a less obvious cyberattack because the hacker can log in as you so you typically don’t notice anything is wrong until it’s too late. Hackers can install keyloggers when you click on phishing emails or download malicious attachments.
If you see something, say something
If your customers think they may have downloaded something malicious or clicked on a suspicious email, they should let your system administrator or IT staff know right away. This will allow your security staff to isolate the infected computer while tests are run on it to avoid spreading any malware further. Some signs of hacking could include a mouse moving on its own and opening files and apps, or if you lock your computer and notice it unlocks on its own. All corporate laptops should have some form of security or antivirus software installed—especially one that allows users to initiate a system scan themselves if they suspect the presence of malware.
It’s important to educate remote workforces on the dangers of cyberattacks. Ingram Micro’s security experts recommend routinely sending emails to employees reminding them of threats. A built-in reporting system in your email client allowing employees to flag an email they find suspicious and send it to your security team for analysis is another good idea. You can also send out your own “fake” phishing emails to test employees. In the event someone clicks on your fake phishing scam, they would be sent to a site that educates them on the dangers of phishing.
The latest security tech
Sophisticated security technology is a must for effective fraud prevention. Most security architecture is invisible to employees, and that’s by design. There are certain aspects they can experience though, including Symantec software and security protocols like two-factor authentication. Companies work hard to secure their devices and their network, but the same isn’t true for personal devices. Employees should avoid using a personal device (phone, tablet or laptop) to do remote work. While convenient, unsecured devices are an easier target for hackers to exploit. And conversely, work computers shouldn’t be used for non-work activities. Logging into social media sites or personal email accounts also makes systems vulnerable to attack.
When in doubt, talk to the experts
If you have cybersecurity questions, let our experts help. Whether it’s digital transformation, updating your own workforce to be remote-capable, or securing your customers’ corporate computers and mobile devices, we’re here to support you. For questions, contact the Ingram Micro Consulting and Enablement Services team at firstname.lastname@example.org
For more information, check out this white paper
, or view this security infographic