In the last article, we discussed the latest report from FinCen that highlighted the significant rise of Business Email Compromise (BEC) scams and how this type of fraud is spread through phishing attacks as well as drive-by download malicious websites. In this article, we will discuss the inadvertent role that using your personal PC for office work plays in propagating BEC scams.
Compromised home computers adding to the BEC scam toll
We have come a long way since an office was considered four walls in a building. Today, remote workers are growing at an unstoppable rate thanks to advances in technology, with approximately 56% of U.S. workers, and 43% of European organizations currently having options for employees to work partially or entirely offsite. However, there are risks that can affect the overall security of your company, especially if you use your own personal computer.
There are many different ways that a system can be compromised. In a work environment connected to multiple firewalls and with security experts on staff, it helps to control the possibilities of BEC attacks. But let’s face it, most of us do some work outside of the office using our personal PC instead of the one supplied by the office. What this means is that one minute we are surfing the web for barbecue supplies or playing online games, and the next, we are logging into secure office servers and reviewing critical data. And unfortunately, that can lead to big problems.
Inadvertently opening a malware-infected email attachment, or surfing on a drive-by download malicious website can instantly compromise your system installing data/password collecting code. Then once you log into your organization’s system, it will be susceptible to BEC scam attacks.
How to minimize the risks on your home system
In a perfect world, we would use one PC for work applications only and another for everything else, and even though most companies have best practice policies regarding what is acceptable surfing habits, most people rarely follow it, and it is made even worse is they are using their own computer. So a little preparation is key.
Make sure you have an updated antivirus solution installed
Ensuring you have the right antivirus solution for your needs is critically important to prevent phishing attacks. The right antivirus solution, like Adaware, will detect and destroy any phishing attacks that may infect your computer.
As a best practice – Always make sure your antivirus software is up to date at all times. In addition run a complete scan of your computer before you working on anything sensitive or at least once a week. A scan can be set up to run automatically at a time that is not obtrusive to you.
Install a good antimalware solution
An antimalware solution like Web Companion is designed to alert you before you land on the drive-by download hijacked website. If you are unable to land on a hijacked site, your system will not be able to become infected with malware.
Install an ad blocker
Drive-by download attacks will frequently use pop-up ads as a method to distribute malware to unsuspecting victims. By using an ad blocker that is part of an antimalware solution like Web Companion or on its own will help make your system safer, as well as helping to reduce your potential exposure to these types of attacks.
Keep your systems OS updated
Whenever a new software release, patch or OS update is made available, make sure you have your system automatically install it right away.
Always remember you are using your home system
You should never forget that the system you are using is not your office system and always proceed with caution.
Avoid Public WiFi
If you work outside of your home’s secure network, beware. Public wireless networks are risky and vulnerable to malicious attacks. This is a big issue if you prefer to work from a café or anywhere else where you don’t have access to a secure network. Something like this is not recommended unless the proper precautions are taken.
Even though there are many risks to using your personal PC for office work. With a little care and precautions, there are ways of keeping you, your data and your employer safe,