Cyber Threat Alert

Remote Work: Privacy & Security Concerns

By many accounts, remote work is here to stay. Many businesses and organizations have tried it and like it. The lack of interpersonal contact is addressed by video conferencing tools such as Zoom and Teams. High-quality cameras and microphones provide businesses, educational institutions, and organizations with what they need to create useful webinars and podcasts. Overhead costs are lower due to the lack of rentals – office space, office equipment, office food, and beverages. Indeed, the pros are beginning to outweigh the cons – except for privacy and security.

WHY THIS MATTERS

Right now, privacy and security may not be your top concern.

However, you should be aware of how some of your devices are creating unnecessary risks and how you can decrease some of them.

For example, you may want to turn off your smart camera or smart speakers during confidential calls or video conferences.

Why? These devices can hear what you are saying.

Also, you may want to stop re-using passwords on more than one website or in the setup of more than one device.

Why? Hackers are using credential stuffing by using previously stolen login credentials in new cyberattacks.

DESCRIPTION

The tech devices we are using now may not be new; we are simply more reliant upon them. The more that we rely on technology, the more we need to take some necessary precautions to protect our privacy and security. Here are some current examples:

Zoom:

As we reported in our most recent Cyber Threat Alert, over 500,000 Zoom, video conferencing accounts were hacked due to credential stuffing. Although Zoom has made privacy and security adjustments during the last several weeks, they cannot prevent credential stuffing. Stop the re-use of passwords, stop the attack vector.

Smart cameras:

Smart cameras can hear confidential information shared during calls or video conferences. Imagine overheard trade secrets and how that negatively impacts your business. Again, the device users must decide whether to unplug a Google Nest or Ring smart camera during confidential calls from home.

Smart speakers with voice assistants:

Digital helpers such as the Alexa speaker (Amazon Echo) and Sonos speaker (Google Home Assistant), live inside our homes and listen to our voice commands to set timers, play music, and teach kids how to spell those difficult homework words.

Have you considered what else these helpers may hear? They can listen to confidential information being shared during calls or video conferences. You may want to unplug your smart speakers during business calls or video conferences if you want your information to remain private.

Smartphones:

Smartphones have become the center of our lives -- our entire circle of influence and knowledge are often stored on these devices.

Unique password protection is a must. Also, mobile security apps can help. For example, New York City has created the free NYC Secure App to help protect residents from phone hacking. The app alerts you to unsecured Wi-Fi networks, unsafe apps in Android, system tampering, and more.

Some companies have implemented a Mobile Threat Defense (MTD) in recent years to help them detect threats to devices, operating systems, networks they use, and apps on devices.

The rest of us may be using our smartphones without much protection. That means that updating operating systems, privacy settings, and security settings is in our hands.

Wi-Fi routers:

Password protection on home routers is crucial. Routers come with a default password. Best practices mean that you change the default password to a unique password – not one that you are using on every other device at home.

What do these devices have in common? The potential for credential stuffing from re-used passwords.

Credential stuffing is a type of cyberattack where stolen account credentials, typically consisting of lists of usernames and/or email addresses and the corresponding passwords (often from previous data breaches), are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application. Attackers automate the logins for previously discovered credential pairs (sometimes millions) using standard web automation tools. 

Credential stuffing attacks succeed because many users re-use the same username/password combination across multiple sites rather than creating unique passwords for each website login page. The dark web has lists of passwords and login combinations readily available for sale – and sometimes for free.

Stop the re-use of passwords, stop the attack vector.

TAKEAWAYS

  • The last thing we want to encounter is bad actors seeking to extort our business due to unintentionally shared information.
  • Taking necessary privacy and security measures may be inconvenient but worthwhile.  
  • Some of the privacy and security risks at home rests in our hands.
  • Any residual risk may be transferred.

CYBER INSURANCE SOLUTIONS

Cyber insurance is your go-to option when you are looking to transfer some of your residual risk (that cannot be adequately mitigated):

  • Social engineering coverage, including employee education and risk mitigation services
  • Ransomware or cyber extortion coverage, including ransom payments and/or data recovery
  • Data breach coverage, including direct first-party losses and third-party liability and damages
  • Business interruption coverage, including loss of profits and extra expenses incurred during a shutdown of your computer network.
  • Employee training and educational tools to help prevent attacks and protect your network/data

SOURCES

https://www.zdnet.com/article/working-from-home-switch-off-amazons-alexa-say-lawyers/

https://www.bbc.com/news/technology-51751950

https://www.usatoday.com/story/tech/columnist/2020/04/04/coronavirus-scams-going-viral-attacking-computers-and-smartphones/2939240001/

https://www.digitaltrends.com/mobile/how-to-protect-your-smartphone-from-hackers-and-intruders/

https://secure.nyc/

This article is made available for informational purposes and is not intended to be a substitute for professional or legal advice. No attorney client relationship is formed or implied between you and the authors(s) or Cyber Armada Insurance.

Topics: Cyber Insurance Dark Web Identity Theft Remote Work Covid-19

Cyber Armada Team
Posted by Cyber Armada Team on Apr 29, 2020 9:38:05 AM
Application

Apply for Cyber Insurance Online

Answer a few questions online and Cyber Armada will design a cyber insurance policy tailored to your particular needs.

Apply Online
Apply for Cyber Insurance
Schedule an appointment with Cyber Armada
Appointment

Can we talk?

We're ready to talk when you are. You can schedule an appointment to speak with a representative from Cyber Armada when it is most convenient for you. Whenever possible we use online meetings to increase productivity and increase the amount of time we can spend with you. We use Zoom Meetings as our preferred video conferencing platform.

Schedule Appointment