Work-from-home creates new targets for cybercrime

When working from home, don't get too comfortable about cybersecurity. Credit: iStockphoto.com/Yuri Arcurs
The pandemic created a hotbed of opportunity for cyber criminals with so many people working from home for the past two years.
According to Experian, a consumer credit reporting company, the firm serviced approximately 6,000 breaches last year, 85% of which had human error as a root cause.
Greater distractions at home, along with less secure personal devices, weak passwords, and less robust security infrastructure, such as anti-virus programs and firewalls, on personal computers being used for business, have all contributed to the growth in breaches.
This year isn’t expected to be any better as cybercriminals find new vulnerabilities with the ongoing pandemic.
"2022 will be a continuation of vulnerabilities due to the pandemic and work-from-home mentality," says Michael Bruemmer, Vice President of Data Breach Resolution and Consumer Protection at Experian, which recently released its data breach industry forecast.

Michael Bruemmer, Vice President of Data Breach Resolution and Consumer Protection at Experian. Credit: Experian
People continue to expand their digital footprints working remotely, which "leads to more vulnerabilities."
Cryptocurrency risks
Among the threats, as cryptocurrency becomes more mainstream and "people increasingly accept these as legitimate transactions," they will become targets of attack, says Experian. There have been over 15 cryptocurrency exchanges hacked since 2019, Bruemmer says.
Given the climate, businesses have to be vigilant in providing security around the home environment with such safeguards as having a Virtual Private Network (VPN) back to the office, which provides encrypted protection when using the public internet, he says.
Businesses should also provide approved devices with the latest software updates to employees — and if that’s not possible, establish minimum security requirements for personal cellphones, Bruemmer says.
They should also provide training to recognize potential threats like phishing emails that seemingly come from a legitimate source but are malicious in nature.
Phish bait
"Phishing emails are still the most popular method to infect ransomware into a company," says Steve Morgan, founder of Northport-based Cybersecurity Ventures and editor-in-chief at Cybercrime Magazine, an online cyber news source.
Ransomware is a type of malicious software that infects a computer or device and subsequently blocks access to data and threatens to destroy data unless a ransom’s paid.
"It’s generally a program that gets downloaded into a computer and encrypts the data," Morgan says. "It’s a classic get-rich-quick scheme and that’s why so many criminals are getting involved with it."

Steve Morgan, founder of Northport-based Cybersecurity Ventures and editor-in-chief at Cybercrime Magazine, an online cyber news source. Credit: Cybercrime Magazine
In 2021, estimated ransomware damages globally were $20 billion, Morgan says.
One piece of advice for companies is to back up their data daily; that way, they can still restore data if it’s stolen, he says.
Call for backup
Benjamin Dynkin, co-founder of Great Neck-based Atlas Cybersecurity, a cybersecurity services firm, recommends having one live copy of data that can be accessed daily, such as on a local hard drive, and then two separate backups of data kept in different formats, such as on a local drive and in the cloud, at the location you operate from, as well as one backup kept at an off-site location. He also recommends constant testing of backups to make sure they work.
He said threats to watch include software supply chain attacks on key vendors such as managed IT services providers (MSPs), which could trickle down to small businesses. That happened in 2019 when a Colorado MSP suffered a ransomware attack that disrupted operations at over 100 dental offices. Businesses should be asking key service providers about their cybersecurity measures, Dynkin says.
Password perils
Another area to watch is hackers exploiting password vulnerabilities and compromised credentials in schemes known as "credential stuffing," says Shreena Bindra, Chief Operating Officer at Plainview-based UOTech.co, which provides business continuity services and IT managed services.

Shreena Bindra, Chief Operating Officer at Plainview-based UOTech.co, which provides business continuity services and IT managed services. Credit: UOTech.co
They work like this: A cyberthief gets a person's username/password for one site, normally through a data breach of that site, and then takes those credentials and tries them on hundreds of additional sites through some kind of script. The idea is to see if that same combo works anywhere else.
This happened to a client who came to UOTech. A principal of a law firm used the same password for business and a parking app that was breached.
Hackers tried to send out emails to the law firm's clients that appeared to be legitimate, but sought funds. UOTech was able to identify and stop the threat before money was exchanged, Bindra says.
As a best practice, businesses should not re-use passwords and should also use multi-factor authentication tools such as Okta Verify or YubiKey, which add a layer of protection to the sign-in process by requiring additional identity verification, she says.
Other security layers, like email filtering tools and login monitoring, can also be helpful.
"It comes down to defense in depth," Bindra says. "There’s not just one solution."
Fast Fact:
Cybersecurity Ventures expects global cybercrime costs to grow by 15% per year over the next five years, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015. Cybercrime costs include damage/destruction of data, stolen money, lost productivity, theft of intellectual property and theft of personal and financial data.
Source: Cybersecurity Ventures




