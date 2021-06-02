Work-from-home culture has increased vulnerability to cyber attacks as common mistakes made by corporations and individuals have made life easy for hackers, according to IT security experts at GISEC 2021, the Middle East and Africa’s cybersecurity event, which runs at Dubai World Trade Centre (DWTC) until June 2, state news agency WAM reported on Wednesday.

Disabling firewalls, reusing passwords and using simple passwords are the biggest mistakes individuals make when working from home.

A lack of server message block signing, trusting solutions without having the knowledge to break them, misusing service or privileged accounts and falling for “hipster tools”, means hackers can make quick money in the remote working era, said Paula Januszkiewicz, CEO of CQURE, the cybersecurity firm that works in partnership with Microsoft.

“Firewalls are often misconfigured, there’s no need-to-know process or protection,” she said. “Passwords are almost always re-used, or easy to guess; they invariably include the company name and a number,” she added, while giving a live demonstration of how easy hackers can pose as a colleague to access a system and company network.

“Phishing is the main means of transportation of malware, ransomware. It is fast and it is easy. The average income of someone who runs a malware or ransomware scheme is about $90,000. It’s good money.”

Paula Januszkiewicz, CEO of CQURE

While education and awareness is key, Januszkiewicz added hackers have become a “little lazy” as they look to get rich quick and it is possible to limit their impact.

Matthias Schranner, a former FBI hostage negotiator and now CEO of the Schranner Negotiation Institute, urged individuals to not waste time trying to solve the problem themselves.

“Companies underestimate danger and believe that their IT teams will be able to solve the problem. Every hour that passes while they try to figure out a solution will cost the business money.”

Matthias Schranner, CEO of the Schranner Negotiation Institute

Companies should consider setting up a negotiating team and establishing proof of life, according to Schranner. “The team should comprise an internal commander and an external expert, who is not emotionally invested in the company. If the chief negotiator is emotionally involved, he or she will make mistakes; any thoughts about injustice and morality need to be set aside.

“Ransom is mostly paid in cryptocurrency such as bitcoin,” he added. “If a business wants to pay, first it needs to be able to pay, but it is not possible to buy huge amounts of bitcoin instantly, it can take two or three days. We recommend companies have a contingency fund for this. The negotiator will agree the payment details.”