In the current corporate and employee landscape, workers are leveraging a variety of endpoints from a range of different locations to access enterprise systems and assets. Staff members are no longer chained to their desks, and many employers and workers alike have begun taking advantage of work-from-home and other remote styles that enable them to operate outside of the office.
This approach comes with considerable benefits, including lower overhead costs for employers, and greater job satisfaction and productivity for staff members. For these reasons, and more, it’s no wonder why nearly 4 million Americans now work from home for at least half of their work week.
However, when businesses do enable their workforce to complete mission-critical tasks from places and networks other than their main office, there are certain considerations to make, namely when it comes to data security.
Bringing work home, bringing threats to work
Some of the biggest risks recently are threats related to employees’ home networks, or networks at public places like coffee shops, airports, hotels and more. As ComputerWeekly contributor Peter Ray Allison pointed out, security vulnerabilities stemming from workers’ at-home internet connections are very real, and are also some of the most overlooked threats in the current security landscape. There are numerous different scenarios associated with employee home network threats that can result in risks to corporate systems, assets and intellectual property. Whether a home network doesn’t include adequate protection, or user activity opens gaps in security, ensuring protection of both home and enterprise networks is absolutely imperative. “It is something that we are coming across more and more,” Digital Pathways CEO Colin Tankard told Allison. “Devices are being exploited and [companies] find that something unusual is going on. It is only when they do a little bit more investigating that they realize somebody or something is monitoring what they are doing.”
In an age when data breaches are occurring increasingly frequently, it’s critical that chief information security officers and IT admins don’t disregard the risk employees’ at-home activities can pose to their business security posture.
Unsecured home routers
One way that this threat can take hold is when employees don’t have the appropriate security in place with their home routers. As Trend Micro pointed out in this report on the Most Noteworthy Home Network Security Threats of 2017, the router serves as a hub for all connected devices, including the smartphones, laptops and other endpoints workers leverage at home and at work for corporate purposes. In this way, if robust security isn’t in place at this critical juncture, employees leveraging their home network for work activity could be opening themselves up to considerable risk. Worst of all, a device infected at home could potentially impact the entire enterprise network once the staff member brings the endpoint back to the office for work.
Some issues to be aware of here are:
• Incorrectly configured networks: This can extend to a range of different factors, but the bottom line is that an incorrectly configured network can provide an easy open door for malicious actors.
• Default or weak passwords: If employees don’t adjust the security credentials of their routers and keep the default password in place – or use a password that is considerably easy to guess – it presents low hanging fruit for hackers. It’s imperative that default credentials are replaced with strong passwords once the home network equipment is deployed.
• Firmware updates: Not updating devices with the latest patches can also create easily exploitable vulnerabilities that result in significant security gaps and other problems.
As Trend Micro research shows, hackers aren’t just seeking out unsecured routers to infect home networks – routers and other devices are also being leveraged for Bitcoin and other cryptocurrency mining. In fact, this threat was the most detected network event seen in 2017. The fact that makes this threat particularly notable is that it isn’t just routers that are being used to support cryptocurrency mining – other devices including home computers (14,586), tablets (358), smartphones (981), game consoles (314), IP cameras (573) and printers (219) are also being leveraged for their CPU power as well.
“Cryptocurrency-mining malware, for instance, are capable of infecting devices to illicitly mine for crypto currency,” Trend Micro researchers noted in the report. “Such malware can spread the same way other malware types spread, e.g., through spam emails and malicious URLs, and take advantage of the computing power of multiple devices to increase yield from mining.” Like nearly any other security risk, a threat like this could potentially spread from home devices to corporate assets. When CPU and computing power is tied up by cryptocurrency mining activity, businesses aren’t able to achieve the level of performance their users require.
Brute force attacks via Remote Desktop Protocol
Malicious actors are increasingly leveraging Remote Desktop Protocol (RDP) capabilities to spur brute force logins of home devices. Once a hacker has broken into a home device in this manner, he or she is able to execute malware that could spread to enterprise networks the next time the device is used at the office. RDP enables a user to interact with a system as if they are a local user, providing access to the operating system and applications. In this way, a hacker could remotely access login capabilities, and use brute force to breach and glean details about users and who has control of what devices. “The risk lies in the network, when a hacker is able to gain access to the RDP without the user admin knowing,” Trend Micro researchers explained. “The home network is where all the connected devices and stored data lie.”
Real-world case: Daughter’s email access results in company network infection
These issues impact more endpoints and assets than CISOs might realize. In one real-word instance, an employee took his work laptop home to continue his corporate pursuits from outside the office. The device was also used by the man’s daughter, however, to access her email. One message that she accessed unfortunately included Sircam, an infection that spreads through open networks. Because the employee’s daughter opened the infected email attachment, the work laptop was then infected with Sircam. Making matters worse, the man was unaware, and took his laptop back to the office and connected to the company network. This allowed Sircam to spread from the infected endpoint to the corporate network. Luckily for the employee and the small business he worked for, the infection was spotted on the company network and systems were disconnected before it could spread further or damage machines. The instance did result in downtime for the company, during which the network had to be cleansed and employees were unable to access mission-critical assets.
Overall, it’s important to ensure that employees take the appropriate security precautions when taking part in work activity from their home networks.