COVID-19 has radically altered the corporate cyberthreat landscape. Quarantine measures have forced a huge number of people to switch to remote working. To respond to these changes in a timely manner, we carefully studied expert forecasts and research, changing customer requests, and cybercriminal activity. What we were missing was the viewpoint of those same employees now working from home. So, to complete the picture, our colleagues interviewed more than 6,000 working people worldwide to find out their perspective, and we are sharing the most interesting results in this blog post.
Equipment
To ensure corporate security, it is vital to understand what equipment your remote employees work with and in what way. It’s one thing if they use a company laptop to perform only work tasks, another if that laptop serves both work and personal needs, and something else entirely if they do everything on their home computer with questionable security.
More than two-thirds of respondents (68%) said they use their own computers. That means no one knows what might be happening on some machines that process company data or access corporate infrastructure. For example, 33% of respondents admitted to visiting adult websites on personal computers that they also use for work. You may recall that porn is popular with cybercriminals for use as a hook to catch victims. They can then steal card details or try to trick users into installing malware.
Connection
Another important aspect is how employees connect to corporate networks, especially because the potential danger here is twofold.
First, because employees need access to internal systems and services, many companies have had to urgently install remote desktop software, which security experts generally dislike but cybercriminals love. Since the beginning of March, attacks on ports open for RDP, the most popular remote connection protocol, have shot up worldwide.
Second, when remotely connecting to the corporate network from home, employees often fail to consider other equipment that might be linked to their home router. That might include a smart vacuum cleaner that’s actually way smarter than it lets on (thanks to implants or vulnerabilities in the firmware). The router itself might be poorly protected or even compromised.
It would seem that both problems can be solved with VPN technology, whereby work machines communicate with the corporate network over a secure channel, and direct connections to it are prohibited as a matter of principle. But according to the report, for some reason only 53% of employees use a VPN to connect to corporate networks.
The report contains quite a few more interesting details and useful tips. Follow the link to read the full text of the report.