3 Biggest Security Risks to a Workforce Going Remote

The pandemic-driven shift towards remote work has highlighted threats like ransomware and mobile attacks.
Adam Rowe

Remote work is great: Ditching a long commute saves workers stress and money while helping the environment and the employer's overhead bill in the process.

But the dangers of staying secure with a remote workforce are worth noting, and that's just what Europol has done in a new report.

The biggest problems bolstered by the pandemic-driven shift towards remote work include ransomware threats, attacks on mobile devices, and even exploitation of legitimate software services like otherwise secure VPNs or cryptocurrencies. Here, we'll summarize the most important details to know.

Greater Risk of Ransomware

As the EU's law enforcement agency, Europol keeps tabs on international trends as they develop. Their new report, the Internet Organized Crime Threat Assessment 2021 (or IOCTA), lets the rest of us in on what threats are the biggest. These threats aren't all due to remote work, but the report does call out the pandemic by name as one big change that cybercriminals are reacting to.

First on the list is ransomware and ransomware affiliate programs. Large corporations and public institutions are the most at risk here, as these bad actors are deploying supply-chain attacks with major disruption in mind. They're getting more elaborate in 2021, with “new multi-layered extortion methods” that include threatening a DDoS attack, exfiltrating data, and calling clients, business partners, or journalists to further pressure their victim into paying up. From the report:

“National governments should make businesses of all sizes aware of the risks of falling victim to ransomware and offer practical guidelines in securing their networks.”

The best measures are preventative, so don't wait for government guidance before ensuring your IT team knows how to secure the network.

Evolving Mobile Malware

Personal mobile devices are one channel that employees might use to access business emails and files, and they can easily prove to be a weak link for remote workforces.

Criminals will have to circumvent new security measures for mobile devices, with two-factor authentication standing as the most formidable. Trojans are the easiest way to get around this typically secure verification process, and the method is fairly new on the cybersecurity scene, according to the report.

“A number of mobile banking malware families have implemented new on-device capabilities to commit fraud by manipulating the banking apps on the user’s device using the Automated Transfer System (ATS) modules powered by the Android Accessibility Service. Banking trojans like Cerberus and TeaBot are also capable of intercepting text messages containing one-time passcodes (OTPs) sent by financial institutions and two-factor authentication (2FA) applications such as Google Authenticator.”

Since the two-factor verification triggers a text message with a code sent to the phone, the phone malware can get and use the code itself. One trojan called FluBot even self-propagates by spamming the infected device's contact list with phishing text messages.

Abuse of Legitimate Services

Finally, there's the abuse of trusted third-party services to compromise a device. One commonly exploited service is cryptocurrency, a popular option for money launderers. The process is possible through “mixers, swapping services and exchanges operating in grey areas.”

VPNs also give cybercriminals a little extra cover. Why? Because “these will provide them with a safe and secure browsing experience.”

Listen, we're not condoning cybercrime, but you have to admit that there's no greater recommendation for a privacy service than hearing that a criminal relies on it. You can check out our top picks for business VPNs, although we do not include any insight from criminals.

These channels aren't something that the average business needs to worry about. Instead, the report recommends that law enforcement agencies around the globe consider how to monitor criminal activity surrounding them, either with cryptocurrency regulation, mixer takedowns, or a focus on VPNs that frequently shield criminals.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He's also a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and he has an art history book on 1970s sci-fi coming out from Abrams Books in 2022. In the meantime, he's hunting own the latest news on VPNs, POS systems, and the future of tech.

Explore More See all news
close Step up your business video conferencing with GoToMeeting, our top rated conferencing app – try it free for 14 days Try GoToMeeting Free