Remote work has increased significantly during the coronavirus pandemic, as regular commutes to packed offices became a thing of the past for most people. Not everything about remote working has been bad, and technology has helped to make it possible to continue working from home in a way that would have been unimaginable just a few years ago.
But remote work has also introduced new threats to the cybersecurity landscape, as bad actors seize on the disruption to find new ways to cause damage.
In the process they have helped to highlight just why data security is so important — and what can happen to those who ignore it.
Devices that fall into the wrong hands
There are multiple ways in which remote working tools can be abused by hackers. One of the biggest is the data security threat that lost or stolen devices pose for businesses.
When data was stored on-premises and only accessed locally by visiting a physical office, data breaches were more likely to mean a literal break-in on site. In a world of cloud-based, remote systems accessed by workers using laptops to log in from home, there are new ways for this kind of breach to take place.
Devices may fall into the wrong hands, thereby compromising sensitive data and systems. A study carried out over ten years suggested that close to 41 percent of data breach events were the result of lost devices like laptops, smartphones, and tablet computers.
Since a laptop is reportedly stolen every 53 seconds, and more than 70 million cellphones are lost every year, that number doesn’t seem particularly surprising.
Many cybersecurity systems are built around the premise that attackers will be trying to access target systems from new, unknown devices. The idea that they may, instead, use an existing lost or stolen device already familiar to a particular security system, therefore, poses a big threat.
Attackers who have gained access to lost or stolen devices may be able to access systems or confidential data with them by using stored passwords. They may also be able to read unencrypted data from device memory.
If a device is not properly secured, or is even left entirely unlocked, attackers could immediately gain access to systems and use this access to plant malware, exfiltrate data, and more.
Data breaches from stolen devices
Data breaches resulting from stolen devices can be extremely serious. For instance, in September 2018, Raley’s Pharmacy had the records of 10,000 pharmacy customers exposed, including full names, gender, birthdate, medical conditions, healthcare information, prescription drug records, pharmacy visit dates and location, and more. This happened after a pharmacy laptop containing files with the above information was stolen.
A more recent example involved a laptop allegedly stolen by a rioter from House Speaker Nancy Pelosi’s office during the January 2021 storming of the US Capitol. Rioters posted images of computer screens still displaying emails. According to one report, they planned to sell the information to Russian intelligence.
In both cases, it’s not clear to what extent data was accessed and misused, or what security measures (such as encryption) were in place. Nonetheless, both of these cases illustrate the extent to which this kind of theft poses a major problem. In the first, the information was reportedly stored locally on the computer.
In the second, it appears that the computer may have still been logged in as part of a credentialed session, meaning that passwords and encryption protection were bypassed and neutralized. Neither scenario is good news.
Protecting against threats
However, there are ways that users can protect themselves against such potential threats. One is to ensure that proper encryption methods are used. This means securing data not with just a single layer of encryption but, where possible, with multiple layers of encryption, so that no data is left exposed.
Doing this means that, even if a system admin’s credentials are compromised, it won’t be possible to access sensitive information.
Strong passwords are another. While examples like the Nancy Pelosi computer scenario show that passwords can’t always be relied upon, plenty of security problems have been caused by having weak passwords in place.
Wherever possible, users should not just use strong passwords (with a combination of letters, characters, and numbers), but additionally, make sure that they have multi-factor authentication in place. This means that simply knowing or brute-forcing a password won’t be enough to gain access to critical information or systems.
On top of this, user rights management is a game-changer. User rights management tools work by monitoring data access and the access of privileged users, and by identifying scenarios in which these privileges are used inappropriately.
This is related to user behavior analytics and database activity monitoring, which can monitor behavior and access and generate alerts if suspicious behavior is identified.
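To illustrate the points above about familiar devices and behavior monitoring, here is an added example (not from the original article): a check based only on device familiarity passes a stolen laptop, while a lost-device register plus a per-user behavior baseline flags it. The log lines, device IDs, baselines and bulk-read threshold are all constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data: devices reported lost or stolen, and when (UTC).
LOST_DEVICES = {"LT-0042": datetime(2021, 3, 1, 9, 0, tzinfo=timezone.utc)}

# Constructed per-user baseline: usual working hours (UTC) and usual resources.
BASELINE = {
    "alice": {"hours": range(7, 19), "resources": {"crm", "mail"}},
    "bob": {"hours": range(8, 18), "resources": {"mail", "wiki"}},
}

# Constructed access log: timestamp user device familiarity resource rows_read
LOG = """\
2021-03-01T08:15:00+00:00 alice LT-0042 known crm 40
2021-03-01T23:40:00+00:00 alice LT-0042 known payroll_db 12000
2021-03-02T10:05:00+00:00 bob LT-0077 known mail 15
2021-03-02T10:30:00+00:00 bob PH-0301 new wiki 3
"""

def parse(line):
    ts, user, device, familiarity, resource, rows = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user, "device": device,
            "known": familiarity == "known", "resource": resource, "rows": int(rows)}

def device_only_alert(ev):
    """Naive rule: only unfamiliar devices are treated as suspicious."""
    return not ev["known"]

def behavior_reasons(ev, bulk_rows=5000):
    """Reasons to alert that do not depend on the device being unfamiliar."""
    reasons = []
    lost_at = LOST_DEVICES.get(ev["device"])
    if lost_at is not None and ev["ts"] >= lost_at:
        reasons.append("device reported lost")
    base = BASELINE.get(ev["user"])
    if base and ev["ts"].hour not in base["hours"]:
        reasons.append("outside usual hours")
    if base and ev["resource"] not in base["resources"]:
        reasons.append("unusual resource")
    if ev["rows"] >= bulk_rows:
        reasons.append("bulk read")
    return reasons

def analyze(log=LOG):
    events = [parse(line) for line in log.splitlines() if line.strip()]
    return [(ev["user"], ev["device"], device_only_alert(ev), behavior_reasons(ev))
            for ev in events]

if __name__ == "__main__":
    for row in analyze():
        print(row)
```

The second log line is the stolen-laptop case: the device-only rule stays silent because the laptop is familiar, while the behavior rules raise four independent reasons to alert.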
There are plenty of threats that businesses and organizations need to be aware of. But the risks associated with lost or stolen devices certainly rank near the top. Making sure that you are protected against these eventualities is one of the smartest moves you can make.