HP Tech@Work
Today's trends for tomorrow's business
The New Target of Cyberattacks: Small Businesses and Remote Employees

The New Target of Cyberattacks: Small Businesses and Remote Employees

Opening a single email can put small and medium businesses at risk, making remote-work security more important than ever.
The attack began on the morning of April 19.
The internal monitoring systems at financial software provider Wave Accounting alerted staff that some of its services were being disrupted. Someone was flooding the system with requests in an attempt to render the company’s offerings unavailable in what’s known as a “distributed denial-of-service” (DDoS) attack.
Within minutes, nearly every one of Wave’s 280 employees was engaged to contain the damage, inform customers, and rout out the attack.
“It was pretty much all hands on deck,” explains Ideshini Naidoo, the company’s chief technology officer, adding that Wave had to work around the added challenge of not being physically together while mounting its defense.
Fortunately, Naidoo and her team were already on the lookout. As the coronavirus spread chaos and disorder around the world, and as aid packages were offered to help small and medium-sized businesses (SMBs) in the United States, cybersecurity experts warned that attacks would spike.
“Attackers have this really good opportunity to send a phishing email that says, ‘Hey, you can get PPE like masks by clicking here,’ and off you go providing details you shouldn’t,” Naidoo says. “Or, people appeal to the humanitarian side, saying, ‘Click here to make a charitable donation to support healthcare workers.’ People are falling for those phishing attacks.”
In the end, Wave’s services were only down intermittently over a few hours. Had the attacker been more sophisticated, or had the company been less prepared, Naidoo says it could have caused significant damage.
“A DDoS attack is a serious concern,” she says. “It can take you out, and if a small business’s services are not available to their customers, that’s it, you’re not making any revenue, and you have potential reputational risk.”

Phishing during the pandemic

Phishing During the Pandemic
According to Google’s Safe Browsing service, the number of phishing sites detected by the search engine nearly doubled between the start of the year and mid-May. Furthermore, according to Verizon’s 2020 Data Breach Investigations Report, more than a quarter of all data breaches perpetrated this year targeted SMBs, which often are less prepared to prevent or respond to an attack than large enterprises. Within two months of the outbreak, 13% of small businesses reported that they had been victims of an attack.
While large enterprises were once the primary targets of such attacks – including one that robbed Google and Facebook of $100 million between 2013 and 2015, and another that cost Sony Pictures roughly the same amount in 2014 – hackers have discovered that they can often penetrate an SMB’s network more easily. Using a DDoS or other type of attack, they can then prevent that business from operating until a ransom is paid.
“A few years ago, SMBs were not as targeted, just because the getting was pretty good from big companies,” explains Matthew Gardiner, principal security strategist for the cloud-based security provider Mimecast. “As security got better at big companies, attack patterns shifted to small and medium-sized businesses.”
According to Gardiner, the primary avenue of attack against SMBs is in the form of malicious emails that often contain harmful links or attachments. While some of these emails are generic, poorly written, and easy to spot, others leverage real information to mimic trusted senders requesting sensitive data.
“They’ll use LinkedIn to find someone in human resources at a company and someone [else who works] at that company. A few months ago they’d make sure they’re at different offices, but of course, now most people are at home, and they’ll send an email simulating that it’s from the employee to the HR person, saying, ‘Change my direct deposit address,’ ” says Gardiner.
According to a recent study by Mimecast, impersonation attacks grew by 24% between January and June. The study, which analyzed more than 195 billion emails, found that these attacks typically use subject lines containing words like “invoice,” “order,” “PO,” or the names of well-known courier or shipping companies.
“Some of these can look very convincing because they can, in an automated fashion, pull graphics off your website, so the email that comes through might have your company logo on it and look superficially quite legitimate,” explains Ian Pratt, HP’s global head of security.
Pratt adds that such attacks appear to be getting more sophisticated and more successful in part because victims don’t have access to the same resources as they would in a traditional office.
“I suspect part of it is that users aren’t in an office situation where they can ask a colleague whether it looks legitimate or not. They’re working on their own at home, unable to query things,” he says. “Just using anti-virus software isn’t enough these days.”

Preventing cyberattack in a remote workplace

The new work-from-home environment not only makes it more difficult for companies to respond to suspicious activities, but it also expands the attack surface into the home.
Internet of Things (IoT) devices in the home, which range from smart thermostats to video doorbells to wireless printers, can provide a less-secure avenue for hackers seeking to gain access to the home network, which is often shared with workplace laptops, explains Shivaun Albright, HP’s chief technologist of Printing Security.
“Unfortunately, IoT devices commonly found in the home are not as secure because they are often missing key security features such as firmware updates,” she says. For example, it’s common for IoT devices to be shipped with a well-known default password that’s an easy target for hackers, especially since many people don’t bother to change it once the device is installed. And as soon as a single employee’s laptop is compromised, the corporate network can be at risk, threatening the entire business.
It’s for these reasons that HP printers come equipped with the highest-possible security settings in place right out of the box. “We’re shipping [small-business and home printing products] with unique passwords,” she says.
HP printers can also proactively detect and thwart a malware attack from outbound DNS network packets on those printers equipped with the HP Connection Inspector. Once an attack is detected, the device initiates Sure Start, a process that returns the device to a safe and secure state.

Mixing work devices and home environments

Mixing Work Devices and Home Environments
Gardiner says that there are a number of steps individuals can take to prevent phishing or impersonation attacks, and simple education on best practices from employers is key.
“The list is fairly long on basics, but certainly includes multifactor authentication and more sophisticated and automated anti-phishing, and then behind your technical controls you need to have your people and your processes resilient to cyberattacks,” he says. “Just very simple things can help, like looking closely at the full email address in the ‘From’ line rather than just the name of the sender, to check that the domain is the correct one for your organization,” adds Pratt. “Although these, too, can be forged or compromised, in most cases the scammers don’t bother, so it’s a useful check.”
The sudden transition to remote work created new opportunities for hackers to attack both business and personal devices. Keeping software up to date, enabling two-factor authentication, choosing strong passwords, and using a password manager can also go a long way in protecting small businesses from hackers.
Pratt adds that choosing technology designed with security in mind can significantly mitigate the risks and reduce the potential damage caused by an attack. For example, HP PCs come standard with HP Essential Security, a suite of security features including HP Sure Sense and HP Sure Click, which proactively prevent threats and ensure fast recovery if an attack does happen. SMBs can upgrade to HP Pro Security for advanced protection against malware and phishing attacks.
“Sure Sense is a next-generation approach to spotting malware that uses machine learning and artificial intelligence to stay ahead of attackers,” Pratt says. “When the user clicks on a potential phishing site that is trying to steal their credentials, we can alert them that they shouldn’t enter any passwords or other details.”
HP Sure Click provides an added layer of protection without relying on detection. “Basically, for any potentially risky activity like opening an email attachment or clicking on a link, it’s going to create a virtual machine in the background, a disposable computer, to perform that particular task,” Pratt explains. “That disposable computer is going to live just for the life of the task, and only have the access and resources required for that task, no more. When the task finishes, that virtual machine is automatically thrown away.”
While many small businesses equip their staff with generic cybersecurity software, Pratt warns that such services are often insufficient to protect them against increasingly sophisticated attacks, especially in a remote workplace setting.
“Just using anti-virus software isn’t enough these days,” he says. “Now everybody has to take this stuff more seriously and use more sophisticated approaches to security.”

Disclosure: Our site may get a share of revenue from the sale of the products featured on this page.

Disclaimer

Prices, specifications, availability and terms of offers may change without notice. Price protection, price matching or price guarantees do not apply to Intra-day, Daily Deals or limited-time promotions. Quantity limits may apply to orders, including orders for discounted and promotional items. Despite our best efforts, a small number of items may contain pricing, typography, or photography errors. Correct prices and promotions are validated at the time your order is placed. These terms apply only to products sold by HP.com; reseller offers may vary. Items sold by HP.com are not for immediate resale. Orders that do not comply with HP.com terms, conditions, and limitations may be cancelled. Contract and volume customers not eligible.

HP’s MSRP is subject to discount. HP’s MSRP price is shown as either a stand-alone price or as a strike-through price with a discounted or promotional price also listed. Discounted or promotional pricing is indicated by the presence of an additional higher MSRP strike-through price

The following applies to HP systems with Intel 6th Gen and other future-generation processors on systems shipping with Windows 7, Windows 8, Windows 8.1 or Windows 10 Pro systems downgraded to Windows 7 Professional, Windows 8 Pro, or Windows 8.1: This version of Windows running with the processor or chipsets used in this system has limited support from Microsoft. For more information about Microsoft’s support, please see Microsoft’s Support Lifecycle FAQ at https://support.microsoft.com/lifecycle

Ultrabook, Celeron, Celeron Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside Logo, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, vPro Inside, Xeon, Xeon Phi, Xeon Inside, and Intel Optane are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

In-home warranty is available only on select customizable HP desktop PCs. Need for in-home service is determined by HP support representative. Customer may be required to run system self-test programs or correct reported faults by following advice given over phone. On-site services provided only if issue can't be corrected remotely. Service not available holidays and weekends.

HP will transfer your name and address information, IP address, products ordered and associated costs and other personal information related to processing your application to Bill Me Later®. Bill Me Later will use that data under its privacy policy.

Microsoft Windows 10: Not all features are available in all editions or versions of Windows 10. Systems may require upgraded and/or separately purchased hardware, drivers, software or BIOS update to take full advantage of Windows 10 functionality. Windows 10 is automatically updated, which is always enabled. ISP fees may apply and additional requirements may apply over time for updates. See http://www.microsoft.com.

HP Rewards qualifying and eligible products/purchases are defined as those from the following categories: Printers, Business PCs (Elite, Pro and Workstation brands), select Business Accessories and select Ink, Toner & Paper.