It’s been quite a year. Along with adapting to a pandemic that shut the world inside and brought on a seismic shift in social norms, more people than ever are working from home. A YouGov survey of global office workers commissioned by the new security platform HP Wolf Security shows that 82% of respondents are working from home more since the start of the pandemic, with some 23% expecting to work from home most of the time even after we “return to normal” (whatever that is).
Which means that hundreds of millions of us are tapping into our employee networks through work-distributed laptops, sure, but also with our personal devices. Not just that, but we’re letting our kids use them for school, for gaming, for streaming content (and we’re often guilty of doing the same!). According to the recent Blurred Lines and Blindspots report by HP on work styles, 76% of office workers say that working from home during COVID-19 has thinned the barrier between their personal and professional lives. Half of remote office workers say they now see their work device as their own personal device, with 46% admitting to using their work laptop for “life admin”; 30% say they have let someone else use their work device. Meanwhile, 69% of office workers have used their personal laptop or printer for work tasks and activities since the start of the pandemic.
This all amounts to your basic nightmare for IT decision-makers (ITDMs), who stand at the front lines of cyberattacks.
“Users are the point of entry for most attacks—that’s why endpoints account for 70% of successful breaches, with malware almost always being delivered via email attachments, web links, and downloadable files,” says Ian Pratt, Global Head of Security Personal Systems at HP. “Phishing is of particular concern, with attackers using new techniques such as AI-automated spear phishing, where an attacker tailors their lures to a specific individual or group.”
Then there is thread jacking, where an employee’s email account is hijacked and spreads malware by responding within existing conversation threads, making it more likely users will open the attachment or link. (HP PCs come standard with a suite of security features, including HP Sure Sense and HP Sure Click, which proactively prevent threats and ensure fast recovery through software applications if an attack does happen.) And the list goes on, including denial- of-service attacks and—the scariest—ransomware, with serious consequences for employers.
“So it’s no surprise to hear that 54% of ITDMs have seen evidence of a higher number of phishing-related attacks in the last year, which could lead to exposed company data, reputational damage, noncompliance, and loss of customer trust,” says Pratt.
Ultimately, HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services.
Standing at the front lines
Watching the latest installation of HP Wolf Security’s short-film series and the sneaky ways criminals worm their way into enterprise networks, you might get nervous. In the film, actor Christian Slater returns as the Wolf. His hawkish hacker character sips coffee in a cozy bathrobe while showing us how easy it is for him to infiltrate an entire network simply by sending an innocuous-seeming email to a kid playing games on his mom’s work computer. Mom scans a document on her home printer and sends it to her team, and the embedded malware spreads as fast as a living virus.
“Cyberattackers are launching springboard attacks that target kids and their gaming systems with offers of online games and free movies,” says Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs, the threat intelligence and research organization at Fortinet. All it may take is a free game offered through an in-app email, “and once they’re in, with a few lateral moves, the attacker can be on a corporate network,” he says. In fact, FortiGuard Labs saw an average of about 600 new phishing campaigns per day during spring 2020.
This doesn’t mean that all is lost for organizations, especially those that are starting to make active investments to address remote-work security. Advanced AI to evaluate incoming threats and real-time data delivered through HP Wolf Security help remote workers and IT experts stay ahead of modern security threats hitting hard and relentlessly on endpoints such as that work laptop that’s occasionally used by Junior.
Built across 20 years of security and research innovation, HP Wolf Security unifies all of HP’s endpoint security innovations to deliver comprehensive cyber-resiliency under one umbrella, helping consumers, businesses, and IT and security teams navigate ever-growing cyber risks—even ones that come through an innocent game on Roblox.
Keeping employers and data safe
While the nightmare scenario is of a takeover of the enterprise, remote workers can elevate their security measures to prevent such devastating attacks. Aaron Barr, chief technology officer for PiiQ Media, a social media threat intelligence and risk analytics company, offers a few easy starting points. First, he suggests using a variety of email addresses.
“We recommend you have three or four, and segment them by how you use them: personal, financial, social media/digital services, spam,” Barr explains. “That way, when you get a work- related email that comes to the email you use for Instagram or gaming, you know that it didn’t come in through the right account.”
Second, Barr says, is to extend and vary those pesky passwords. “The longer your password, the harder it is to crack,” he says. “Most people use the same email address and password for the $5 Target discount spam as they do to log in to their bank, and that is horrible.” A password manager can help keep those hundreds of passwords in order, while settings on your PC or web browser can alert you to compromised passwords that are exposed, say, through a security breach of a social network.
Many companies provide a virtual private network (VPN) so remote workers can securely connect to company networks to send and receive files, data, and applications from anywhere. Segmenting out your home network so that one sub-network is used only for work and another for “life admin” can also alleviate some work-from-home security stress. Even having separate user logins on the same PC can help build a wall between work and life.
HP’s Pratt believes that recalibrating the need for security against the desires of the worker requires employers to adopt a completely different model of endpoint and work-from-home security—all built on the concept of “zero trust,” a set of engineering best practices devised to secure critical systems.
“Access to work resources should be assessed based on context, such as the user, the device, the geolocation, and the security posture,” says Pratt. Multifactor authentication is one important ingredient of zero trust, he adds.
Detection is just the beginning
The best mitigation is not to put all the responsibility on the remote worker, but to ensure organizations can provide users with enhanced protection, privacy, and threat intelligence.
“The technology of the near future should be secure by design and intelligent enough to not simply detect threats, but to contain and mitigate their impact, as well as to recover quickly in the event of a breach,” Pratt says. The technology of the future, in other words, sniffs out attacks before hackers get anywhere close to bringing a company down. As Christian Slater’s Wolf mischievously warns, “A guy like me, given the keys to the kingdom, what’s the worst that could happen?”
Learn more about HP Wolf Security here.
Copyright © 2021 IDG Communications, Inc.