Governments had no idea how much the COVID-19 lockdowns would open the door for cybercriminals to wreak havoc. In 2021, they did just that: entire operations were stopped for days, and the ransoms demanded were sky-high. Yet, most people still don’t seem to get the message: we’re all in danger. The threat is not just for big companies but also for small businesses and individuals. Cybercriminals aren’t disappearing any time soon and they are benefitting from the unfortunate combination of remote working setups and team members uneducated in cybersecurity.
Remote and Hybrid Work: New Habits, Old Dangers
2020 saw a full-scale shift towards remote work, which continued well into 2021 and isn’t going away in 2022. Entire companies abandoned their usual premises and living rooms became offices. Plus, employees love their newfound flexibility – about 60% of U.S. remote workers claim they would quit if forced to return full-time to the office today. It’s 45% for those currently in a hybrid setup, where they already go to the office part of the time. However, while these approaches have many benefits, they also expose companies to new dangers. One significant issue is that it’s hard to monitor the cybersecurity of team members’ home offices. Those working remotely often use their home Wi-Fi, which is potentially insecure. All of this happens because few companies educate their coworkers in cybersecurity, even though it’s more crucial now than ever.
Phishing: Don’t Bite!
An email containing a link arrives from an address you know. The email is poorly written; it doesn’t even meet the minimum standards of the language. The link is the bait, and if you bite and click on it, you’ll be hacked. Then, there’s spear phishing – a personalized phishing attack where the sender knows your personal details. Even a beginner can set it up these days, and you’d be surprised how much damage it can cause. One of the newest variants out there is the Dridex Trojan, which serves as an initial foothold in massive, company-wide cyberattacks. It leaks a vast amount of information while disguising itself as a regular QuickBooks payment notification or invoice.
Ransomware: Your Money or Your Data?
Extortion is one of the oldest crimes in history. Today, it takes a digital form through ransomware attacks. Companies lose enormous amounts of money due to minor negligence. Something as small as forgetting to enable multifactor authentication can be enough to get breached by hackers. DearCry is one of the latest weapons in cybercriminals’ ransomware arsenal. It takes advantage of four critical vulnerabilities on Microsoft Exchange servers to gain access and lock users’ computers. The only way to regain access to their information is by paying the ransom.
Analysts also predict the widespread use of an entirely new ransomware variant, labeled killware. As its name suggests, it’s designed to physically harm a company and its members. In February 2021, hackers used outdated TeamViewer credentials to access a water treatment facility’s system in Florida and raise the lye levels dangerously high. Analysts see this as the first use of killware, and they believe hackers will have it perfected by 2025. But cybercriminals may start targeting hospitals and utility providers as early as 2022.
How To Protect Yourself From These Cyberthreats
2021 showed that no one is safe from cybercriminals. Why would hackers leave small companies and individuals in peace – especially when they tend to operate with little to no cybersecurity? Luckily, there are many ways to show these criminals what you’re made of.
As phishers will try to get their hands on your social security number, credit card details, and various other personal data, you must be extra cautious when opening emails. Moreover, always use a VPN when using public Wi-Fi, use strong passwords, and delete inactive accounts. A reliable password manager like 1Password works miracles, as it generates randomized passwords for each of your accounts and supports one-time passwords for multifactor authentication. If the damage is done and hackers have gotten hold of your personal data, use an identity theft protection service to get back what was stolen. IdentityIQ, for example, provides monthly updates on your financials and warns you when it notices unusual activity.
Remote work has shown how important it is to hide our online activities from prying eyes. Having an internet security suite installed can certainly ease some of the danger. However, there’s no software that can protect a company if it fails to educate its team. Fortunately, some companies like ESET provide affordable programs that teach team members how to recognize phishing attempts, how to connect to a network safely, and other essential cybersecurity skills. At the end of the day, training protects your business from cybersecurity threats more effectively than all these apps combined.