As talk of a third wave of COVID reaches our shores, organisations across Australia and New Zealand are comfortable with the thought of sending staff home again. It’s something we’ve practised repeatedly over the last two years.
The working-from-home arrangement has influenced many crisis and business continuity leaders to adopt more comprehensive strategies when it comes to remote work and response. This much is true, but gaps are appearing in how a more casual working arrangement may compromise an organisation’s digital infrastructure.
It starts with what is called the Internet of Things, a term used to describe the almost endless range of technology and everyday items that are connected to the internet.
In your home, you may recognise items like your Amazon Alexa, your app-controlled CCTV, Netflix, and your child’s PlayStation as things that can connect to the internet.
For hackers around the world, the perfect scenario has occurred; it’s become easier than ever to access valuable organisational data during a work-from-home arrangement.
Distributed denial-of-service (DDoS) attacks are relatively common, and are a simple approach hackers take to overwhelm a server. Tens of thousands of machines (fake users and their computers) target one server to overwhelm it and, in some cases, crash it.
Technology has fought back, and successfully carrying out a DDoS attack on a large organisation is becoming harder. That’s why hackers have moved their attention to your Amazon Alexa and your remotely controlled fridge: innocent devices that connect to the same Wi-Fi and network your work laptop does.
How do they do it?
Users are typically unaware of, or oblivious to, how their data is being collected by a home appliance or smart device. Furthermore, your IT team is very unlikely to know where exactly that data is being transmitted from within a home.
The FBI has warned that hackers may be able to conduct a “virtual drive-by” of users’ digital lives if they gain access via unsecured devices. This, in turn, gives them access to a user’s router and everything connected to their home network.
Each hacker will have their own process.
There have been reports recently of hackers easily cracking home CCTV systems (done by simply finding your email address – or guessing it – resetting the app’s password and logging in remotely). If a camera is set up in a fortunate position for the hacker (over a computer), they may just get the information they need even more easily.
Another technique being reported is overwhelming a local internet connection and slowing down the user’s operating system while they’re working. This lag in accessibility can provide the hacker just enough time to grab a password or two.
What you can do to prevent it
There has never been a successful cyber-attack because of bad machines or technology. All breaches are a result of human error. That’s why awareness, communication and education are essential when sending your team home (both during COVID, and over Christmas).
Users should change the default password and set a unique password for every smart home device they have. They should store sensitive and private data on a network separate from the one their home devices use.
Users should also update smart home devices regularly and check the permissions of mobile apps linked to those devices (Apple iOS is particularly good at this). They should turn on automatic updates for software, hardware, and operating systems on their smart devices so they always have the latest versions.
To safeguard your organisation and yourself against hackers, assume that every internal and external link is malicious, even if it comes from your CEO.
Just sharing an article like this with a colleague may encourage them to update their smart TV or automatic vacuum cleaner, which in turn may just prevent the next attack being a successful one.