Zombie Computer Armies Target Your Work from Home Employees

According to the FBI, reported cyberattacks have increased 300% since COVID forced employees to work from home. While you are working, sleeping and everything in between, malicious botnets (networks of computers) and hackers are relentlessly testing for vulnerabilities that will give them access to your company’s most valuable data.

Once they’ve gained access to your devices (95% occur through human error), they will shut down your website, freeze up your sales process, lock down e-mail, and stop all communications. Not only will they demand a hefty ransom to give you back control, they often simultaneously steal your desired information and threaten to sell it on the dark web unless you pony up even more money. Hackers have historically focused on big targets – the FBI, Apple, the Wall Street Journal, and Twitter have all been victims of cyberattacks this year. But more recently, hackers’ attention has included small businesses, with 43% reporting being targeted.

Working feverishly to stay several steps ahead are the defenders of your data – internal IT teams and external experts who build defenses against the most malicious, disruptive, and inventive cyberattacks that continue to evolve at an astounding pace. With ransomware, employee error and phishing on the rise, experts predict cybersecurity incidents will cost businesses over $5 trillion within the next five years. 

How do you stay ahead of malicious hackers? Kevin Villanueva, Partner at Moss Adams, where he leads the firm’s IT Infrastructure and Security Practice, recommends these three “must do’s” to protect employee and company data during this current work-from-home environment.

  • Provide Employees with a Securely Configured Company Computer

If you are not providing a secure machine for your employees to use at home, your company’s data is at risk. People often forget to update antivirus software on their personal computers. Employees may get distracted and innocently open phishing links or allow other family members to share their personal computers. Having a company-issued computer allows your IT Department to keep security software regularly updated, get alerted to potential attacks, and protect against breaches.

  • Educate – Provide Mandatory Security Awareness Training

Educate your team on the identification of cyber threats. Teach them to identify suspicious emails and sites that could be spear-phishing attempts, man-in-the-middle schemes, and Trojan and ransomware traps.

  • Follow Current Cybersecurity Best Practices and Standards Frameworks

Look to the National Institute of Standards and Technology from the Department of Commerce for current guidance on how to address cybersecurity threats. Check out their 800 series, like NIST 800-53 and NIST 800-171, to receive specific guidance around asset management, logical access control, and user authentication and authorization. These publications are not only free of charge but also vendor-agnostic in their advice and recommendations. If you process payment cards, look at the Payment Card Industry Data Security Standard (PCI DSS) from the PCI Security Standards Council, which will help you keep that information safe.

Watch and/or listen to our podcast to hear more expert recommendations from Kevin Villanueva on how he’s protecting Moss Adams’ clients from being devastated by a cyberattack. It is no longer a question of if your company will be the target of a cyberattack.  Your best defense is having your entire organization well prepared to minimize the damage when hackers strike!  As the saying goes, your best defense is a good offense.