By David Prattent

Working from home (‘WFH’) has been introduced to most Australian workplaces during the COVID-19 pandemic crisis.  WFH provides an organisation with an opportunity to sustain at least some of its activities and keep it’s business going.

Unfortunately, WFH also provides an opportunity for hackers to explore individual and home vulnerabilities.  The Office of Digital Government and the Australian Cybersecurity Centre have recently sent an alert that there is a significant increase in phishing and malicious email campaigns.  What these campaigns are exploiting is that because people are working from home, they are more likely to be taken in by false emails because it is not so easy to double check or consult with colleagues and IT.

This short and simple guide provides basic information on what attacks are, what you look for and what you should do.  It is not intended an exhaustive coverage of the issue.  Some of you may find the information tells you what you already know.  Although that may be the case, we must remember that about 80% of successful hacking attacks started with someone unwittingly handing over their log-in details.  Without putting too fine a point on it, beware of over-confidence.

Firstly, four key definitions:

What sorts of attacks are there?

There are two key types of attack:

Phishing attack

In this case, an email is sent perhaps alerting you to something but asking you to click on a link which either asks you to log in using your credentials and/or asking you to enter such details as your credit card number.  Armed with this information, the hacker can easily log on to the system and, once they are in, can obtain lots of information for future use.  Or they can go online shopping.  Or they can sell your personal data on the dark web.  There are all sorts of possibilities.

Malicious emails

An email is sent to you with an attachment which you open.  Without you knowing, you have launched a virus or some form of malware which installs itself into your system so that it can be accessed later.  The email comes from what looks a reputable source such as a bank.

Are these methods effective?

As we have seen 80% of successful hacking attacks start this way.  To give you an idea of scale, reported losses to government agencies in 2019 exceeded $532 million.  Some recent examples are:

What should I look for?

We all need to be alert to the fact that this can happen anytime.  Businesses are already reporting a number of these attacks:

What should I do?

[gravityform id=”1″ title=”true” description=”true”]