Businesses have had to allow increasing numbers of employees to work from home in order to stay operational during the coronavirus crisis. Unfortunately, although allowing work from home increases employee productivity, it also increases the security risks to the business.

Employees working from home are attractive targets for hackers, especially since home devices are often less protected than devices at the office. In fact, it’s been reported that a group of Russian hackers are now targeting employees working from home with ransomware.

Sophisticated Ransomware Detects Work from Home

Ransomware is a kind of malware that works by encrypting data stored on the user’s device. Because the user doesn’t know the password to decrypt the data, it becomes unusable. The hackers demand payment of a ransom, usually in bitcoin or other untraceable virtual currency. Once they receive payment, the password is provided and the data can be decrypted. There is usually a deadline, and if payment isn’t made by the deadline, the hacker destroys their copy of the password and the data is permanently inaccessible.

Ransomware commonly spreads, like other malware, via infected websites and attachments. The new Russian malware doesn’t infect every machine it is downloaded to. Instead, it deliberately seeks to infect computers being used to work from home by detecting usage of a virtual private network (VPN). The malware is then activated.

Home Devices are More Vulnerable

Employees working from home, and the devices they use there, are more vulnerable than employees at the office. Home computers often don’t have the latest antivirus software installed, and they may be shared with family members who haven’t been trained in safe computing. Any infected emails they receive for their personal life can potentially affect company data.

In addition, work from home often uses remote desktop software that has its own vulnerabilities. For example, Microsoft Remote Desktop Protocol has known vulnerabilities that hackers can exploit. Because many businesses aren’t up to date with their patches, those known vulnerabilities are still there for hackers to take advantage of.

Protecting Against Threats from Employees Working from Home

A strong cybersecurity strategy allows employees to work remotely while protecting the business. Measures to take include:

1. Antivirus software. Businesses should provide employees with antivirus software to install on their work from home devices.
2. Restrict remote desktop usage. Make sure remote desktop usage is limited to authorized devices by whitelisting IP addresses.
3. Use multifactor authentication. Multifactor authentication when employees connect to systems from outside the corporate network reduces the risk of unauthorized access.
4. Keep patches current. Develop an effective patch management strategy that applies critical patches fast, and other patches within a reasonable amount of time.
5. Restrict administrator rights. Don’t grant admin privileges to users who don’t need them. In general, all user privileges should be based on roles that match the responsibilities of the employee’s position.
6. Block malicious sites. Prevent users from accessing known infected sites.
7. Keep employees aware of best practices. Employees are always the most important element of your security strategy. Make sure they’re trained on an ongoing basis so they understand safe computing practices and the potential impacts if those practices aren’t followed.

In addition, make sure you have a good backup strategy and know how to use your backups to restore data. No matter how many tools and training sessions you provide, there’s no guarantee you won’t become a victim of ransomware. With reliable backups, you’ll be able to recover without paying the ransom.

Prescient Solutions offers IT consulting and managed services in Chicago and Schaumburg. Services include cybersecurity solutions to protect your data wherever your employees are working. Contact us to learn more about effective information security strategies.