Cybersecurity threats on the increase as companies shift to WFH model
Author: James Carnell
Cybersecurity is fast becoming a pertinent global issue during the COVID-19 crisis as more and more companies shift to virtual offices.
Experts have pointed out that the methods being used by criminals are getting more and more sophisticated by the day. Over the past few years, there have been increased efforts at disrupting public opinion, money laundering, and other fraudulent activities.
According to Lovelesh Chhabra, the Vice President of Identity, Privacy, and Mobile for Verizon Media (the new home of Yahoo), sophisticated attacks are expected to increase, so companies, as well as individual internet users, need to stay alert.
According to him, the two big technology developments over the past decade or so have been the proliferation of wirelessly connected devices (IoT) and the emergence of drones.
Types of Threats while operating from Home
According to the cybersecurity expert, who has previously worked with companies like Pfizer, Oracle, and IBM, several threats are getting more and more sophisticated by the day. And although work from home has its perks, when it comes to security there may be quite a few loopholes that companies will suddenly need to consider.
Chhabra, who after just six months of joining Yahoo’s identity platform was handling all logins of a few hundred million users a day and billions of transactions per day to protect them from being misused, feels that the use of malware, AI, and deepfakes could spike this year. “Magecart, Malware as Service and Targeted Ransomware are the three categories of malware that will be used to target organizations like banks,” he said.
Chhabra, whose invention of the Yahoo Account Key marked the beginning of a whole new era in user privacy and security, feels that as the world shifts to a work-from-home model, online security is fast becoming an area of primary concern.
Unlike inside an office environment, where IT managers can control the security of all Wi-Fi networks, most home networks tend to have weaker protocols like WEP instead of WPA2. This allows hackers easier access to the network’s traffic.
Over the past couple of months, we have seen a spike in deceptive emails with malicious links and attachments.
Once an employee clicks on this malicious link, a hacker can gain access to the employer’s device or get the employee to provide their corporate username and password, allowing the attackers to ‘pretend’ to be the employee and cause harm to the company’s systems.
Internet of Things and Drones
He explains that although both these things are not new, they did reach their tipping point in 2019. “This could pose a threat as most IoT may have back doors allowing the manufacturer undue access even after the components have been assembled. So, targeting of IoT devices by both nation-state and criminal hackers is quite possible,” says the man who developed the Yahoo Account Key to enable users to better protect their accounts and completely avoid any back doors or direct attacks at the user’s data.
“Even self-driving vehicles are not entirely safe as the potential for hijacking smart cars has been demonstrated in the past,” he added.
Drones, like IoT devices, are not new to the criminal chain, as they can be equipped with Raspberry Pi computers and Wi-Fi sniffers to intercept and listen in on telecommunications. These will be listening for sensitive information and for credentials to access corporate networks.
Video Conferencing Security Risks
The global workforce is going to be based at home for the foreseeable future, and for many of us video conferencing has become an integral tool for day-to-day work.
However, certain video conferencing services have recently experienced security breaches. For instance, there have been cases where an uninvited person gains access to another person’s video conference and enters it to intimidate and harass other users. So it is important to be aware of these potential breaches, as such an invasion of privacy could result in sensitive information being leaked, and the whole team may also suffer from personal and potentially traumatizing attacks.
In such situations Chhabra recommends the following tips:
Ensuring meetings are private, either through a password for entry or controlling guest access from a waiting room.
Considering security requirements when selecting vendors. For example, choose vendors who offer end-to-end encryption and enable it from the get-go.
Ensuring VTC software is up to date by installing the latest patches and software updates.
Chhabra states that there are three simple ways companies can protect themselves and their employees from cyberattacks:
Use passwords that are strong and secure
One of the simplest but often most overlooked ways to protect yourself when working from home is to use strong passwords and ensure that password protection across devices is maximized.
According to the cybersecurity expert, it is important to use passwords on all devices and apps. “Make sure the passwords are long, strong, and unique.” Consider using password managers (many are available for free). A machine-generated long password is going to be safer than one that you come up with. Also, consider using a passphrase. A passphrase is a sequence of words that is longer by definition and more secure than a password.
Pay attention to email security
Email security should not be taken lightly while working from home. According to the UK’s National Cyber Security Centre (NCSC) and other experts like Chhabra, it is important to make sure emails can only be accessed securely via the company’s VPN, which creates an encrypted network connection that authenticates the user and/or device and encrypts data in transit between the user and your services. Make sure that the devices employees use encrypt data whilst at rest, which will protect email data on the device if it’s lost or stolen.
Most modern devices have encryption built-in, but encryption may still need to be turned on and configured. Beware of phishing attacks that appear to be taking an ever-growing number of forms. The NCSC has published guidelines for how to spot and handle these — it’s worth communicating this advice to the whole organization.
Maximize security around online banking
For those who are responsible for business accounts, you will want to be sure that they are doing everything in their power to ensure that the money is being stored and transferred in the safest ways possible. The last thing you want during this period is to encounter a security breach in any of the online banking platforms.
“Only use credited software and services to handle funds. Credible institutions should include information for human contacts on their websites who can speak to ease any concerns,” says Chhabra.
When accessing a banking website, make sure you are connected via Hypertext Transfer Protocol Secure (HTTPS). This means the URL should include https:// rather than just http:// at the beginning. You should also see a lock on the left of the URL bar of most internet browsers, indicating that the website has an authenticated security certificate.
He further stressed that companies should also take this opportunity to increase the security of their business and personal bank accounts. “Tighten passwords, add memorable information, and, if possible, ask your bank for a card reader to ensure that all online payments require a physical payment card. If you have the option to switch to mobile banking, many platforms now require a verified fingerprint to log in, which can enhance security even further.” Enable two-factor authentication on every bank account/financial institution to ensure that compromising a password is not sufficient to wipe away the funds.
This period of crisis has unfortunately opened the door to many new types of hackers, scammers, and phishers. “These tricksters may try to target you via email, social media ads, or over the phone. They may request your bank details on the provision that they want to help you make large purchases or donations. Do not give your bank details to anyone, or transfer funds to any unsolicited vendors, unless you are absolutely sure that they are who they say they are.”
This article does not necessarily reflect the opinions of the editors or management of EconoTimes