
WFH scams: 5 tips to stay SAFE

October 28, 2020 09:28 IST

Do not click on any pop-ups, links in messages or notification balloons if you are off the corporate VPN, warns Niranjankumar Laxman Upadhye.


Over the past few months, traditional office work has shifted from corporate meeting rooms to cloud-based collaboration and online meetings.

Employee productivity mapping can be done, and adequate supervision can be maintained to ensure that employees really do work and do not use this arrangement as a sort of holiday.

If you are working from home, remember that apart from the flexibility that WFH allows, it should be used carefully and with discretion so as not to expose yourself or your organisation to cyber threats.

Here are some tips to steer clear of trouble:

1. Beware of spear-phishing scams

During these trying times when you are working remotely, fraudsters tend to leverage the current situation and exploit the lack of immediate access you must be experiencing with your top management.

Therefore, very selectively, in a method known as spear-phishing or whaling, you could be asked to authorise the transfer of a large payment to an account, vide e-mail instructions that appear to be coming from a very senior official of your company, for example your CEO or CFO.

Their e-mail IDs can be spoofed, or hackers may use clever tricks to make you believe this. Overawed by the authority, you may not check and reconfirm with them, and may hastily effect the approval or the actual transfer!

This carefully calibrated and targeted attack can bleed a company, and put the person who acted on these 'instructions' in serious trouble. That’s a nasty position to get into.
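As an added example (not part of the original article), the header checks below show how a mail filter or an analyst could flag the spoofed executive e-mail described above. The company domain, the executive names and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
# Hypothetical placeholders: company domain and executive names are assumptions.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"asha rao", "vikram mehta"}
PAYMENT_WORDS = ("transfer", "payment", "wire", "remit")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def whaling_indicators(raw_message):
    """List the reasons a message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_domain = domain_of(msg.get("From"))
    reasons = []
    # Executive display name on an address outside the company domain.
    if display in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        reasons.append("executive name on external address")
    # Replies routed to a different domain than the visible sender.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        reasons.append("Reply-To domain differs from From domain")
    # SPF/DKIM/DMARC verdicts recorded by the receiving mail server.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            reasons.append(f"{check} failed")
    # Payment wording matters only when another indicator already fired.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    if reasons and any(word in text for word in PAYMENT_WORDS):
        reasons.append("payment request")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = """From: "Asha Rao" <asha.rao@examp1e-corp.test>
Reply-To: ceo.office@mailbox.test
Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail
Subject: Urgent and confidential

Please approve the transfer to the new vendor account today.
"""
GENUINE = """From: "Asha Rao" <asha.rao@example.com>
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass

Attached is the payment schedule we discussed.
"""
```

A message that trips any of these checks is the one to reconfirm with the sender over a separate channel before approving anything.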

2. Improve overall security

An industry expert on cyber-security states that 'Security is only as strong as the weakest link in the chain.'

We could not agree more.

To prevent hackers/scam artists from planting malware or gaining access to your systems or e-mails, remember that you too have a part to play.

Do not download any attachments from unknown senders, nor click on any links in the mails/messages sent to you.

By doing so, you could let them plant Trojans or worms that burrow deep into your corporate network until their master can trigger them to wreak havoc on your company.

It could lead to the shutdown of selected and critical parts of your infrastructure until the company pays a ransom. This malicious code is therefore called 'ransomware.'

Although your IT and information security administrators are doing their job, help them by being careful and discreet.

Update your antivirus software and apply any operating system security patches immediately if they are available.

Do not defer the deployment of the same. It is important for your system to stay updated and beefed-up to counter the latest known threats.

3. Use virtual private networks and firewalls

A Virtual Private Network, or VPN for short, emulates the same safety or containment measures during WFH, as you would have while working in the protected infrastructure of your office premises.

This makes file exchange and data access secure.

A firewall prevents intrusion by bad actors (competitors, business rivals and extortionists) into your company's network and prevents the theft of confidential or business-sensitive information, including your intellectual property.

Industrial spying by adversary nations is a reality. If they can steal your information, you lose the competitive advantage, and are also exposed to regulatory action and the erosion of shareholders' confidence.

You can be sure that this phenomenon is not spelt 'disaster'; it is spelt 'catastrophe'!

4. Usage of online meeting spaces

With a lot of meetings happening online, it is important to ensure safe conduct.

Desist from using 'free' online audio/video conferencing services and meeting rooms/chat rooms.

Monitoring of your confidential and sensitive data may be surreptitiously done by these free hosting service providers.

Use reputed corporate online meeting solutions providers and when you are conducting meetings, allow access only to restricted invitees.

Each participant should be carefully vetted and unique passwords should be used for each session.

5. Steer clear of other nuisances

Who does not like to pay their utility bills from the same laptop, or check personal mails, catch up on news and visit entertainment portals in between work-breaks?

However, while doing so, be careful about the links and Web sites you use.

Do not click on any pop-ups, links in messages or notification balloons if you are off the corporate VPN.

Please remember that by doing so, you may compromise your security.

Ensure that the Wi-Fi routers or Internet connections that you use are encrypted with the highest level of encryption supported, which is WPA2 or WPA3.

Also use complex passwords for your Internet connection that are difficult to crack, and change them frequently.

You can use selective white-listing to allow only the 'approved' devices in your home to latch on to the Wi-Fi router.

If possible, use something known as 'MAC-binding.' The media access control card in each device is unique, and a MAC address is not as easy to spoof as an IP address, which can trick your device into connecting with it and in turn reveal everything you do to a hacker who is perched between you and the outside world.

Niranjankumar Laxman Upadhye is general manager-fraud risk management division at Worldline India.
