How do I protect my employees from ransomware in the home office? 10 valuable expert tips!
by Svenja Koch
The number of ransomware attacks has increased enormously in recent years. Due to the Corona pandemic, many employees still work from home. The resulting home office security vulnerabilities threaten both the employees and the entire corporate network. This situation has created new challenges for corporate IT security. 10 tips from experts improve ransomware protection and help close home office security gaps.
What is ransomware and how does a ransomware attack work?
Ransomware is a special form of malware. An alternative term is extortion Trojan or crypto Trojan. During a ransomware attack, these malware programmes are able to encrypt the contents of hard drives and even entire network storage devices. Depending on the ransomware used, either parts of the data are affected, such as the documents and pictures in the My Documents folder, or the entire hard drive is encrypted.
A defining characteristic of a ransomware attack is the ransom demand. In most cases, an affected computer displays a ransom note at start-up instead of loading the operating system, so access to the infected system is no longer possible. The blackmailers promise to release the encrypted data as soon as the ransom is paid. As a rule, payment is demanded in a cryptocurrency such as Bitcoin. However, there is no guarantee that the cybercriminals will lift the encryption.
This is why home office environments are particularly at risk
The so-called ROBO (Remote Office/Branch Office) environments are particularly exposed to cyber threats. This is primarily due to the fact that these areas are located outside of the company's own premises and thus also beyond the direct reach of central IT security.
A closer look reveals many factors that create potential home office security gaps. For example, there is the use of private hardware. Numerous devices are active in the home office, most of which are in a network together with the laptop or PC used for business purposes. In addition, private network hardware is not comparable with the professional routers in corporate networks. Accordingly, these networks are often only rudimentarily protected against ransomware attacks and thus the home WLAN is responsible for many home office security gaps.
Many people also behave differently within their own four walls than in a normal office. The computer is left unprotected, and family members may also access the system.
Tip 1: Secure the WLAN connection in the home office
Most users operate a WLAN at home. However, this is often not optimally secured. Many keep the default settings. Then the wireless network is unencrypted and the access point is either not secured at all or secured by a weak account. Therefore, it is important that IT Security teaches their own home office staff how to configure a router or access point appropriately. Active support during set-up is also helpful to close these home office security gaps for less tech-savvy employees.
First, it is important to change the default administrator account credentials. The default settings are often known to hackers because they are always the same on some devices. When choosing a password, the usual requirements for secure passwords apply. It is essential to activate WPA2 encryption. In this way, all data in the home WLAN is encrypted so that cyber criminals can no longer eavesdrop on the data traffic.
Tip 2: Do not use private devices for work in the home office
It is tempting for employees and companies to allow the use of private computers in the home office. Employees are happy about the familiar use on their own computers and companies can save possible additional costs for the purchase of laptops and other hardware.
However, this strategy is dangerous and can even lead to violations of the European Data Protection Regulation (GDPR). With private end devices, the company's IT security has no control mechanisms to ensure that the systems are secure. This starts with the operating system in use and any missing updates. Furthermore, a large number of different applications are usually installed on private computers. These are also potential home office security vulnerabilities due to missing updates or other weaknesses.
It is impossible for IT security to rule out ransomware attacks on these systems. Therefore, only company-owned systems such as laptops can be considered for the home office. In this way, a uniform IT landscape is also created in the home office.
Tip 3: Ensure physical protection in the home office
An employee's own four walls are a completely different environment than the office. The company's IT security has no control over which people in the home office have access to the workstation. Therefore, it is important to establish standards for physical access.
The operating system can be protected with a password so that no unauthorised person has access to the computer. There is also the option of automatically locking the screen after a short period of inactivity and also securing it with a password. For passwords, the familiar security rules apply, such as specifying the length and composition, for example with upper and lower case as well as special characters. These measures are very easy for IT security to implement if the company provides laptops for employees in the home office. Then the corresponding security settings and passwords are already set in advance. It is also helpful to install a password manager and train employees in how to use it.
Tip 4: Virtual solutions as ransomware protection
A ransomware attack usually affects the entire operating system. Given the long list of home office security vulnerabilities, it makes sense to use virtual solutions to prevent such attacks. Virtual systems are encapsulated solutions set up within an operating system.
The web browser software package BitBox, for example, offers such a solution. Here, a "browser-in-the-box" runs on a separate virtual machine with its own operating system. If a ransomware attack takes place, only the virtual machine is affected. All data outside the BitBox browser is safe. This is strong ransomware protection, as many infections take place via the browser. The German Federal Office for Information Security was involved in the development of BitBox and recommends its use.
Another virtual security solution is a VPN, a virtual private network. This is set up between the computer in the home office and the company network. A VPN creates a secure, tunneled connection over the public internet. All data traffic is encrypted. This ensures that the data transmission is tap-proof and tamper-proof.
Tip 5: Design a strategy for backups and restoring remote sites
Despite all precautions in ransomware protection, successful attacks on home office computers can never be completely ruled out. For these cases, a strategy must be in place to restore the affected systems as quickly as possible. First of all, it is important to define which downtime (recovery time objective) is tolerable. It is also important to determine which data is particularly worth protecting and what data loss is acceptable (recovery point objective). Based on this, a backup strategy and a plan for the backups are developed. Duplicating the backup in the cloud gives IT security the flexibility to carry out a recovery both locally and via the Internet.
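The recovery objectives described in Tip 5, turned into a routine check, as an added example that is not part of the original article: it flags home office machines whose newest backup is older than the RPO or whose last restore test took longer than the RTO. The host names, limits and timestamps are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Endpoint:
    name: str
    rpo: timedelta                      # maximum tolerable data loss
    rto: timedelta                      # maximum tolerable downtime
    last_backup: datetime               # completion time of the newest backup
    restore_test: Optional[timedelta]   # duration of the last restore drill, None if never run


def check(ep: Endpoint, now: datetime) -> list:
    """Return the findings for one endpoint; an empty list means both objectives are met."""
    findings = []
    exposure = now - ep.last_backup     # data that would be lost if the machine were encrypted now
    if exposure > ep.rpo:
        findings.append(f"RPO exceeded: newest backup is {exposure} old, limit {ep.rpo}")
    if ep.restore_test is None:
        findings.append("RTO unverified: no restore test recorded")
    elif ep.restore_test > ep.rto:
        findings.append(f"RTO exceeded: last restore took {ep.restore_test}, limit {ep.rto}")
    return findings


def audit(fleet, now: datetime) -> dict:
    """Map endpoint name -> findings, listing only endpoints that miss an objective."""
    report = {ep.name: check(ep, now) for ep in fleet}
    return {name: f for name, f in report.items() if f}


# Constructed sample inventory (hypothetical hosts and values).
NOW = datetime(2024, 1, 10, 12, 0)
H = timedelta(hours=1)
FLEET = [
    Endpoint("laptop-finance-01", 4 * H, 8 * H, NOW - 2 * H, 3 * H),
    Endpoint("laptop-sales-07", 24 * H, 24 * H, NOW - timedelta(days=3), 5 * H),
    Endpoint("laptop-hr-03", 4 * H, 4 * H, NOW - 1 * H, None),
    Endpoint("laptop-dev-12", 8 * H, 2 * H, NOW - 1 * H, 6 * H),
]

if __name__ == "__main__":
    for name, findings in audit(FLEET, NOW).items():
        for finding in findings:
            print(f"{name}: {finding}")
```
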
Tip 6: Use Disaster Recovery as a Service and remote maintenance options
The IT infrastructure in a home office is much more difficult to manage than local systems. It is therefore important to take precautions and create possibilities for remote maintenance. IT security needs a remote maintenance tool that is rolled out as part of implementing the home office strategy. With this tool, small, everyday faults on the PC can also be solved quickly - even by IT Security staff who work in the home office themselves. The same applies to Disaster Recovery as a Service (DRaaS). This cloud service takes over the creation of regular backups for the systems in the home office. In the event of a ransomware attack, it is then possible to quickly restore the affected system in the home office.
Tip 7: Point out home office security gaps to employees and train them accordingly
Home office employees are confronted with a wide variety of cyber threats on a daily basis. The better prepared these employees are for the situation, the higher the ransomware protection for the company. This includes, among other things, training on phishing and on how hackers imitate internal e-mails with forged messages. Companies also have the option of moving all communication to a secure, internal platform. This can be Microsoft Teams, for example. This ensures the authenticity of the messages, as outsiders have no way of infiltrating messages. It makes sense to record these guidelines in writing. Make sure they are compact and clearly laid out so that employees are motivated to read them and can find answers quickly.
Tip 8: Implement encryption for data protection
As additional ransomware protection, encryption of the hard disk contents, or at least of the company data on home office employees' systems, can be implemented. Access is then only possible after multi-factor authentication. On the one hand, this protects the data from being stolen during a ransomware attack. On the other hand, this also ensures that the information does not fall into the wrong hands if the laptop is lost or stolen.
Tip 9: Build ransomware protection as prevention
IT security must ensure that the computers in the home office comply with the same IT security standards as the systems on site in the offices. This can initially be achieved with the usual means such as firewalls, spam filters, anti-virus programmes and anti-malware tools. It is also important to ensure that the computers are always up to date. The computers in the home office should therefore be integrated into the update routines. This can be done via remote maintenance as well as with tools for the automatic rollout of updates via the network.
Tip 10: Take measures against social engineering and home office security vulnerabilities caused by weak passwords
One of the biggest home office security gaps is still your own employees. On the one hand, weak passwords create dangers. One countermeasure is for the company to provide laptops for the home office and for IT Security to set the passwords for the systems. In this way, a high level of IT security is enforced.
On the other hand, social engineering is one of the central cyber threats, especially for employees in the home office. Here, regular (!) training sessions are the main way to educate employees on how to recognise fake news and websites, for example, or what information they are not allowed to give out on calls under any circumstances.
The home office concept has finally established itself through the Corona pandemic. Hackers have also recognised this and are massively exploiting home office security gaps. Employees in the home office are thus exposed to cyber threats on a daily basis, which threaten both their own system and the company network. Ransomware attacks pose a particular threat.
As is often the case, however, prevention is one of the strongest weapons of IT security. Effective ransomware protection raises the security level in the home office, and it is important that this protection covers all conceivable attack vectors. Targeted sensitisation of employees to cyber threats is equally effective.