Opening up a window into your home workspace may be riskier than you think as hackers target employees to infiltrate corporate networks.
Before your next video call, take a minute to scan your background. If you have a diploma on your wall or paperwork on your desk that shows your name and address, take a minute to stash that stuff. Anything that shows names, numbers, or addresses could be helpful to hackers looking to steal your personal information, according to Mat Newfield, Unisys chief security infrastructure officer.
Newfield said he started thinking about how working from home can open up security risks that most people had not previously considered.
“I was in a meeting and one colleague said to another, ‘Oh, I didn’t know you lived in Connecticut,'” he said. “The next question was, ‘How did you know that?’ and the person replied, ‘There’s a bill behind you that has your name on it and it has Connecticut in the address.”
Newfield said that it’s easy to zoom in on items in the background of a Zoom window, such as bills or phone numbers hanging on a refrigerator or bulletin board.
SEE: Identity theft protection policy (TechRepublic Premium)
Corporations have controls and cybersecurity defenses while individuals do not have those protections in their home networks.
“If I can glean enough information, I can get from an individual into the company,” he said.
As Lance Whitney explained on TechRepublic, most people still use easy-to-guess passwords or the same from one account to another.
“Your weak password can be used for credential stuffing attacks, where the breached logins are used to gain unauthorized access to user accounts,” NordPass security expert Chad Hammond said in an interview for the story.
TechRepublic submitted three screenshots of a reporter’s working environment at home and Newfield said he didn’t see any security risks when he blew up the images.
“In my office at work, I had a white board and I controlled down to the second, who was in my office and when they were there,” he said. “With working from home, we don’t have that same control.”
Newfield said that individuals also can’t control what other participants do during a video call.
“I can say do me a favor, don’t post this on the internet, but if they do they do, you can’t control that,” he said.
Newfield said that another complicating factor is that multiple family members are working from home at one time.
“Most people don’t have the luxury of having an isolated workspace within their home and our kids are joining from kitchens and bedrooms, too,” he said.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
As many people are still working from home due to the pandemic, hackers are targeting home networks with ransomware attacks, an Experian report says.
“We think what has happened in 2020 with ransomware and corporations now will happen with home devices,” Michael Bruemmer, vice president of data breach resolution and consumer protection at Experian, said.
As the report describes, “with control over home devices, doors, windows, and security systems, cybercriminals have the potential to hold an entire house hostage in exchange for money, information or even fame.”
Newfield said this problem is not hard to fix: Simply take a look at what is in the background of your video calls and remove any sensitive information. The other option is to use a virtual background for every call.
Another way to harden home networks is to change the default admin password on home routers and to check for and install updates on networked devices such as televisions and home automation devices.
Newfield said he also expects an increase in phishing and smishing campaigns to try to get sensitive information out of unsuspecting users. Individuals also should be on the lookout for vishing, a new technique scammers are using to trick people into sharing personal or corporate information.
He sees security responsibilities as evenly split between employees and employers.
“Companies also need to spell out acceptable use for employees: Can kids use a company laptop for school work or can an employee play games on the laptop after hours?” he said. “You want to say well, people should know better but I wouldn’t know if either scenario was OK without documentation, training, and sign-off.”
Newfield said that companies need to harden the IT infrastructure that was put in place in March 2020 as companies went 100% remote overnight.