The impact of the Covid-19 can still be felt, with high numbers of employees continuing to work remotely. But how does this affect your cybersecurity?

The shift towards remote work was essential at the start of the pandemic, and it has now become a permanent aspect of many employees’ lives. However, while it represents a flexible approach to work, which helps achieve a healthy work/life balance, it also comes with challenges in terms of cybersecurity. With employees working from different locations and connecting to your IT infrastructure from different networks, it’s a complex scenario to manage.

Staying Secure in the Remote Work Era

It’s important your organization takes the necessary steps to strengthen their defenses when it comes to remote working practices. Many of these are simple and can be implemented easily. Therefore, you need to make sure you follow these best practices:

  • Avoid Public Wi-Fi: remote working allows your employees to work from anywhere, but this can open them and your servers up to significant risk. In particular, the risk of public Wi-Fi networks – such as those found in coffee shops and public places – should never be underestimated. With little protection in place, these Wi-Fi networks can easily be compromised and risk your organization’s data being harvested. Therefore, your remote employees should be discouraged from using these, instead using secure networks at home.
  • Use Multi-Factor Authentication: For remote workers, extra layers of security are everything when it comes to protecting your networks. And this is why multifactor authentication can be a real game-changer in terms of your security. Furthermore, biometric authentication such as Windows Hello allows your business to enhance its security and prevent unauthorized access.
  • Use Secure Collaboration Tools: You have to think a little differently when working with remote employees, especially when it comes to collaborating. It’s not as simple as having your entire team in the same room, so collaboration software is crucial. However, this needs to be secure. So, make sure you use secure collaboration tools such as Microsoft Teams, Slack, and Basecamp to ensure your communications remain encrypted and safe
  • Monitor Remote Devices: With your remote employees’ devices out of sight, they need to be monitored closely. Endpoint monitoring software allows you to track devices in real time and identify any unusual behaviors. Automatic alerts and notifications can be put in place to ensure you’re aware of any breaches immediately and allows you to take action to neutralize any threats.
  • Employee Training: As ever, the most important aspect of cybersecurity for businesses involves employee training. Accordingly, your remote employees need specific training to make sure they understand the risks of remote work. Strong and unique passwords, for example, have never been more important, and being able to identify phishing attempts is equally crucial when an employee is unable to call on the immediate support of their colleagues.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Linus Sebastian, owner of popular YouTube channel Linus Tech Tips, has revealed how he woke at 3am in the morning to find his channel hacked. 
 
Linus Tech Tips is a YouTube channel which delivers technology-based content to over 15 million subscribers. Driven by Sebastian’s passion for technology, the channel has been running for 15 years and proven to be wildly successful. So, not surprisingly, it made a tempting target for hackers. As well as Linus Tech Tips, two other channels associated with Sebastian – TechLinked and Techquickie – were also compromised in this attack. 
 
While your organization may not run a YouTube channel, the method in which Linus Tech Tips was hacked could be applied to any IT system. Therefore, it’s crucial that we learn about session hijacking. 

What Happened to Linus Tech Tips

Alarm bells started ringing for Sebastian when he was woken at 3am to reports of his channels being hacked. New videos had been loaded and were being streamed as live events. But, far from being productions sanctioned by Sebastian, they were rogue videos featuring crypto scam videos apparently endorsed by Elon Musk. 

Desperately, Sebastian repeatedly tried to change his passwords, but it made no difference; the videos continued to be streamed. Sebastian was equally puzzled as to why the associated 2FA processes hadn’t been activated. Eventually, he discovered the attack was the result of session hijacking. 

A member of Sebastian’s team had downloaded what appeared to be a PDF relating to a sponsorship deal, but the file was laced with malware. Not only did the malware start stealing data, but it also retrieved session tokens. You may not be familiar with session tokens but, effectively, these are the authorization files which keep you logged into websites. So, when you return to that website, you don’t have to re-enter your login credentials each time. Unfortunately, for Sebastian, it gave the threat actors full and unauthorized access to his YouTube channels. 

How Do You Prevent Session Hijacking? 

Once it had been established that compromised session tokens were behind the breach, YouTube was able to swiftly secure Sebastian’s channels. Nonetheless, the ease with which the threat actors managed to bypass login credentials and 2FA is troubling. This means it’s vital you follow these best practices to protect against session hijacking: 

  • Understand what malware is: the attack on Linus Tech Tips was the result of malware and social engineering combining to deliver a sucker punch. Accordingly, educating your staff through comprehensive and regular refresher courses should be a priority. This will allow your staff to identify threats before they are activated and protect your IT systems from being compromised. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 


Read More