Most of the people who are attacking networks, accounts, and other computer systems are more likely to be relying purely on chance to be successful. What this means is that these attackers are picking systems that they know to be used by a large number of people, and targeting the largest possible number of users on that system. The goal of this method is to be successful at least a small number of times based on statistical figures for success.
As one might expect, it follows that these attackers are constantly assessing their choice of targets and changing their methods based on the change in user habits, and the relative popularity of various systems. And so, when something like COVID-19 happens and hundreds of thousands of people suddenly start working from home, it’s not surprising that services like Microsoft Teams, Zoom, and Slack begin changing things about their security and privacy measures.
Aside from the increased usage of collaboration platforms, another major change has been the decreased usage of office networks and servers. Many small to medium sized businesses have been able to continue work outside of their offices in one way or another. This can be both a risk and a benefit when it comes to security.
When people are working remotely, there are two options. Systems can be set up on the existing server and network to allow for users to connect directly to the office network environment, or new systems can be deployed that are separate from the existing server that allow for a more decentralization of systems. The choice to go one way or another with remote systems is based on a number of factors, but this will be discussed at another time.
If it is decided that remote access will be set up so that the office server is used almost as frequently and heavily as when everyone is at the office, then VPNs and Remote Desktop Services can be deployed. The benefit to these systems is that they can allow for workers to work as if they are still at the office, but the risk is in both consistent uptime and security.
VPN and/or Remote Desktop connections, when set up improperly, can introduce significant security vulnerabilities. If these systems are set up without employing the modern security measures available for the systems, an attacker can exploit these connections and compromise the entire office network.
If it is decided that work will be done separately from the server, or if the office already uses systems in lieu of a server, the main consideration is account security. The services typically used in this regard (Dropbox, Google Drive, MS 365 MS Azure, etc.) are as secure as each user’s account password. It is for this reason that two-factor authentication is incredibly important.
You, or you and your company, need to remain aware of these new security considerations as you are attempting to continue to do business using new methods. Please continue attention to antivirus, firewall, and email (Covid-related phishing attacks are on the rise). Be careful what you click on. And make sure that you or your company are still backing up important information. When security measures fail, back rescues all of us.