Maintaining the security of devices across organizations has become a little more challenging with the hybrid work models As the number of mobile devices increase, the number of vulnerabilities increase as well. Remote workers and learners are targets for intrusion and are used as the entry point into larger organizations. Why them?
The cost to install enterprise grade security equipment in homes for work or education is not the first choice for organizations due to the costs associated with its scale. Users also have retail grade routers and wireless access points that likely have never been configured for security. The personal devices they are using to access work or school may not meet basic security standards. There’s a number of attack surfaces for intruders to gain access to a user device and potentially the organization’s network. Those surfaces should be protected and policies in place to prevent them from being breached.
If you are at work trying to access school learning portals, you’ve most likely accessed your resources through a VPN tunnel. This is a cost effective way to securely connect to a network using a protected pathway with a mobile device. However, be aware that browser based attacks are one of the primary methods used to deploy Exploit Kits (EK). Just by visiting a compromised website, you could potentially open a connection to a malicious server that’s sending you infected data in the background. You don’t even have to click on a link or download anything. EXAMPLE: Getting an email about a schedule change from what looks like a legitimate email from your school. You use the link in the email to “view” the changes and login to your account. Its done, you have given someone your login information because the portal is fake, and have been infected with malware just for going to the site.
EK’s are a collection of tools that run on your machine for some nefarious purpose and can infect whole computing environments. Some can harvest MFA credentials, redirect you to malicious websites, encrypt all your files, sit quietly until further notice; it could do anything.
Having good security hygiene is a type of active threat protection that can prevent a majority of attacks. Keep your devices, operating systems, and applications up to date, don’t access sensitive information over free wifi or unprotected networks, and use security solutions that have real-time threat intelligence, prevention, and response. Trend Micro Endpoint Security with Apex One is a good solution to take a look at.
You can’t be on alert and vigilant 24/7, that type of mental stress can affect the body and can contribute to reductions in performance. When you have basic security standards they eventually become normal habits and they reduce the fatigue of being on edge when it comes to security. Having professionals manage the details of securing your network and business can lift that heavy burden off your shoulders.
Taking the time to look at how you are connecting to the world and how you can be vulnerable, is one of the first steps in becoming a hard target. The idea is to make it as difficult as possible for someone to access your data while also being able to operate without obstacles yourself. Balancing security with convenience is a call that you have to make on your own.
Stay sharp out there.