How to protect yourself from cyber attacks when working from home

Working from home sounds like a safe, familiar environment. But dangers lurk at home too, especially for companies.

A harmless-looking email arrives from an internal company address, perhaps combined with a request to register for a new mailing list. In fact, however, the senders are cyber criminals who want to break into the company network this way. But there are ways you can protect yourself from such attacks in your home office.

Phishing is particularly dangerous

Most attacks are so-called phishing, a term derived from the English word “fishing”. “For example, it’s about attempts to lure users to fraudulent sites with fake messages, emails or SMS,” explains Andy Voß from “Computer Bild”. Phishing attacks are not always immediately recognizable, even for experienced users or professionals, and are increasingly directed at company employees working from home.

Despite all the technical possibilities: in the end it is always the user who is at the center of a cyber attack. “Phishing is a form of social engineering, i.e. an attack on the human vulnerability. Technical protective measures make sense, but cannot prevent such attacks,” says Eikenberg.

Do not use private computers

“Employees working from home are popular because they are easy victims. While the company admin still has a certain amount of control over the work computers in the company, this is often not the case in the home office,” says Ronald Eikenberg from the “c’t” trade magazine. A company is particularly vulnerable when employees do their home office work on their own computer, which is also used privately.

“If the employee catches a Trojan at home, it can then ravage the company network through the VPN connection. In the worst case, one wrong click can paralyze the entire company,” warns Eikenberg.

The IT industry association Bitkom therefore advises against using private computers in the home office. “It is better to only use company devices, on which, for example, access rights are then restricted and only administrators are allowed to install software,” says Simran Mann, IT security expert at Bitkom. In addition, the company can then ensure that necessary security updates are actually installed.

Protect your home office computer with a virus scanner

If the home office computer is infected, this is not necessarily immediately recognizable. One goal of the attackers is to remain undetected for as long as possible, explains Eikenberg. “Indications of this are, for example, redirections of website calls, the appearance of programs that you have not installed or a sudden increase in system load.” Users should also become skeptical when the virus scanner starts.

The following applies: Only work with up-to-date software and only with an active virus protection program. The Defender integrated in Windows 10 and 11 is sufficient in many cases, says Eikenberg. Email is still the main gateway for cybercriminals.

“But there have been and are attacks in which employees are foisted with prepared USB storage devices that automatically install malware when they are plugged into the company notebook,” says Bitkom expert Mann. Here, however, the effort is of course much higher.

While e-mail attacks used to be relatively easy to detect, for example through poor German in the body of the e-mail, detection is now much more difficult. “Some of these e-mails have been researched very professionally and extensively, right down to the e-mail signatures of the supposed senders,” warns Simran Mann. Of course, this makes it all the more difficult to protect yourself from attacks in the home office.

When in doubt, better ask

“Of course, those who actively inform themselves about the tricks of the attackers recognize them more easily,” says Voß. Under no circumstances should you open attachments in emails from unknown senders just out of curiosity.

Cyber criminals have it comparatively easy with people working from home because communication is almost exclusively digital. “There is no personal exchange in private. The probability is much higher that you fall for a fake mail that supposedly comes from the boss or admin,” says Eikenberg. If you are unsure, it is better to ask too many questions by phone than to open dubious attachments or carry out nebulous instructions.

But it’s not just about the employees. According to the IT industry association Bitkom, companies could also do a lot more to make company networks more secure. “Cyber security must be a top priority,” says Simran Mann, IT security expert at Bitkom. “Companies must recognize that protecting IT as a central infrastructure also costs money.”

In its situation report on IT security, the Federal Office for Information Security (BSI) recommends as a guideline that companies spend 20 percent of their IT expenditure on cyber and information security. But only 16 percent of companies responded to the Corona crisis by increasing their budget for information security.

Attacks by phone

Criminals also still try to gain access to computers by telephone. This is known as vishing, a blend of “voice” and “phishing”.

A classic: scammers pretend to be Microsoft support employees on the phone and thus repeatedly manage to get people to install software for remote maintenance. Then they have full control over the computer and access to all data.

Andy Voß advises hanging up on such calls immediately. Neither Microsoft nor other reputable companies ever make unsolicited calls or simply send emails asking for personal information. One of the best protections against cyber attacks and social engineering: common sense and skepticism.
