An educated workforce should always be a vital part of your cybersecurity protection program, especially when that workforce is predominantly required to work from home. Whether employees work from home on a corporate-issued device or on one they personally own, awareness of how their devices might be used as an entry point by threat actors attempting to gain a foothold in your network, coupled with proper preventative measures, will lower – or even remove – the risk of breach.
Most employees access sensitive network data remotely through a VPN, but VPNs are themselves open to many vulnerabilities. To work from home safely, ransomware protection is needed to compensate for VPN weaknesses, keyloggers, phishing emails and harmful macros. Hackers are always looking for potential weaknesses in the security system to gain access, most commonly through user interaction on suspicious download websites or email links. VPN weaknesses occur at the endpoint: to avoid detection, the malware lies dormant there while collecting data that the hacker can later use for exploitation. Keyloggers record the user’s actions and, once in, can access all sensitive data. Phishing emails rely on a simple link click that downloads malicious and harmful macros to wreak havoc.
BuerLoader malware, for example, was delivered through a malicious loader in a Google Docs link, under the guise of the reliable invoice payment platform AvidXchange, to encrypt files in specific circumstances. The malware contained capabilities to avoid sandboxed execution, to avoid infecting endpoints in former CIS countries, and to terminate if less than 120 GB of space was available on the infected device.
Ransomware is used to hold a company ransom to a hacker’s demands and can cause irreparable damage. Files are encoded after downloading the malware. Sensitive data can then potentially be leaked, encrypted, damaged or lost. This causes disruption to the company both financially and to its day-to-day operations. An attack can also destroy consumer confidence in the company. Both managed and unmanaged devices can benefit from ransomware protection.
The ABCs of Ransomware Protection were designed to stress the steps to cyber safety. Authentication. Backup. Click carefully. Device security. Encryption.
Authentication (Specifically 2-Factor Authentication)
Two-factor authentication requires two separate types of user information before permitting a user to log in to an account. The authentication methods might include a password, a PIN, a code sent to a special phone or a fingerprint. Corporate employees required to log in to accounts controlled by the business, such as Gmail, should be using two-factor authentication. A password manager that stores encrypted passwords, e.g. LastPass, should be required as well in order to ensure stronger password security, protect privacy and prevent data breaches.
Backup (To the cloud or a private server)
All important documents and sensitive data should be stored on remote servers or the cloud, and no sensitive corporate work should ever be saved on local hard drives. Easy to manage, with the capability to automatically back up and restore files, cloud backup is efficient and reliable. Set up a cloud storage solution such as Google Docs or Dropbox, and require employees to upload (or auto-sync) their content.
Click carefully (and install even more carefully)
To avoid phishing emails, fake installers and harmful macros, always be aware of what you are clicking on. Phishing emails are often non-personalised bulk emails (i.e. spam) which falsely promote a sense of urgency or a threat, such as telling the recipient that they must ‘act now’ to protect an account. They are also often disguised to look like they were sent by reliable companies, banks, or government agencies. Reputable companies never send unsolicited emails asking for personal or sensitive corporate information, including account numbers or passwords. Malicious fake installers hide behind the guise of being a real product but, when downloaded and installed, can actually install a botnet or create a backdoor for attackers on your system. Often they do this without the victim even knowing about it. Harmful macros, usually hiding in Word documents, can also cause damage to both the computer and the applications.
Bottom line, don’t open, download, install or click on any document or file unless you are absolutely sure the sender is trustworthy.
Devices (Are not all equal)
Consider carefully which devices you use to access what and from where. Very carefully. Open networks, such as those you’d find at a library or coffee shop, tend not to have any encryption or real security, so connecting through them is less secure. It is best to avoid using public Wi-Fi to connect to the internet. If you must, avoid connecting to sensitive sites that require passwords. Be aware that potentially malicious apps and threats can occur via mobile devices. These devices are not as secure as a laptop or computer with proper endpoint security. And of course, make sure your phone or mobile device requires a password or code to unlock.
Encryption
Whenever possible, make sure that all data and files are encrypted before being shared or stored. Encryption simply means scrambling the text to make it unreadable as it travels over the internet. It is locked and unlocked at either end of the process using a secret cryptographic key. Proper encryption ensures passwords and sensitive data remain secure. Encrypted data can’t be read or understood by humans or computers until it is unlocked.
How to stay protected?
By applying proper anti-malware safeguards, you can work from home securely with Minerva Labs Remote User Protection. It is packaged as a transient agent with a portable executable so as not to interfere with user systems, security tools and software. The service only activates when trying to establish a safe VPN connection, without the need to reboot. To address privacy concerns, particularly when using personal devices to work from home, disconnecting at the end of a VPN session also deactivates the remote user protection service.
Learn more about how working from home makes ransomware attacks easier:
- Why VPNs are not good enough
- What to do when neither buy nor spy are great options
- How to get it done with Minerva Labs.