Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward?
By
- Paul Lewis,
Nominet
Published: 20 Dec 2023
As we all know, the flexibility and convenience to work from anywhere has been welcomed by us over the past few years. But with this greater adoption of remote working comes an inevitable change in the risks that us as both individuals and employees face. In an office environment it is fair to assume that you can trust your colleagues, work devices and IT systems, however, once you step outside of that environment and work from home or in a coffee shop the risk level can change dramatically.
While security professionals can never completely guarantee that employees would not fall victim to cyber threats inside the walls of an office, the tools and best practices for end user cyber security are continuing to evolve as more and more of us work remotely. What it essentially comes down to is how can we best secure the environment around your laptop including yourself!
As safe as houses
Wi-Fi networks in public environments can pose a significant threat. Compared to corporate networks, public Wi-Fi setups may lack robust security configurations, making them susceptible to various cyber attacks. Threat actors may exploit vulnerabilities in routers or execute man-in-the-middle attacks to intercept sensitive data transmitted over these networks. A lot of these issues are mitigated using simple corporate tools such as virtual private networks (VPNs), but we must still be aware.
If we are using our home Wi-Fi network, securing them through the use of strong, unique passwords, regular firmware updates, and, where feasible, VPNs to encrypt data traffic.
The use of personal devices for work purposes, known as bring your own device (BYOD), also amplifies the risks to you. Using your own laptop for work purposes may lack the stringent security measures typically enforced on company devices. This raises concerns about malware infections, unauthorised access, and potential data breaches. Endpoint security, patching of software including device encryption to name a few, all become imperative to mitigate these risks and maintain a baseline of protection across devices used at home.
One striking example from 2023 is the case of a threat actor who compromised a LastPass software engineer’s local home network while they were working from home. The engineer used their home network to access a local video service which was out of date and allowed a backdoor for the adversary. This resulted in the theft of backups and some of the company’s internal system secrets.
Fighting back against phishing
Phishing attacks continue to rise not just in number but also in their level of sophistication.