Home Sweet Hack

There is no precedence to the unconscionable way hackers exploit human distress during these times. Albeit a few hacker groups “swore” on paper they won’t attack hospitals (gee, thanks), the reality is one of taking gruesome advantage of the situation. 

The global pandemic is accompanied by a global “Phish-demic”, “Mal-demic”, and “Frau-demic”. Not many can withstand the temptation of clicking on the phishing emails these days, supposedly from the Centers for Disease Control and Prevention (CDC), stating a critical notification for the public in the shape of “An updated list of Corona Virus cases in your neighborhood at this link”. 

It gets worse. With the current lock-down and social distancing, workplace IT managers are required to connect their remote workforce to the corporate environment. Let’s pause to give this some thought. 

The typical household includes:

  • 3-5 mobile phone
  • 2-3 laptops or tablets 
  • 1-2 Wifi routers 
  • 2-4 email accounts
  • 2-3 Browsers with stored cookies and passwords

In other words – the typical home is a “malware Petri dish”. 

And then the VPN opens it to the corporate network

At that point – all the malware, ransomware, and crypto-ware try to make it into the uncharted waters of the other side of the VPN. This isn’t the severe threat, as they are likely to be blocked down the path by the first firewall they hit. 

However, the hacker gains control of the home computer and the VPN access credentials are stored or shared in the browser with other accounts, the hacker can easily create a command and control channel and compromise the enterprise through the “front door”. 

Looking for the 7 quick wins?

  1. Find a way for your employees to have a separate “work computer”
  2. Do not allow any installations of any software or add-on that is not authorized
  3. Instruct your employees not to store credentials in the browser
  4. Insist on multi-factor authentication – a token or one of the authenticator apps would do
  5. Create group access policies 
  6. VPN – get one that can run configuration checks on the endpoint prior to connecting
  7. NAC – install a network access controller to allow only authorized devices to connect

Now you can sleep soundly. Not!

So you got the task done, people can work remotely and the business is running. But how do you know what loopholes and vulnerabilities were created in the process. How do you know that a single compromised remote user won’t bring down the entire business in the form of a breach? 

The most important thing these days is to continuously validate the security of your network as a whole. The technology is available to test your security controls, vulnerabilities, credentials, and privilege setting in a VPN IT environment, against the most advanced hacking scenarios. 

Got your remote work employee connectivity addressed? Great!
Now test and test and test – only then you can rest.

The writer is the CMO of Pcysys, the home of PenTera – the Automated Penetration Testing software, with the advice of Comm-IT expert, Lior Bialik.

Written by: Aviv Cohen
Show all articles by Aviv Cohen
Learn more about automated security validation
Resource center
Get blog updates via email
Four steps the financial industry can take to cope with their growing attack surface
Four steps the financial industry can take to cope with their growing attack surface

The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread use of mobile banking apps, chat-based customer service, and other digital tools. Adobe’s 2022 FIS Trends Report, for instance, found that more than half of financial services and insurance firms surveyed experienced a notable increase […]

The elephant 🐘 in the cloud
The elephant 🐘 in the cloud

As much as we love the cloud, we fear it as well. We love it because cloud computing services of Amazon, Azure, and Google have transformed operational efficiency and costs, saving us money, time, and alleviating much of the IT burden. We also fear it because as companies moved to the cloud, they found that […]

A new era of tested Cloud Security is here
A new era of tested Cloud Security is here

Cloud computing has fundamentally changed how we operate. It’s efficient and scalable, but it’s not without some problems. Security is the biggest. As we’ve shifted to the cloud, we’ve exposed ourselves to new risks that can’t be ignored. The IBM Cost of a Data Breach 2023 Report points out that 11% of breaches are due […]

Learn more about our platform