Third Party IT Support: Your Next Loss?
Mar 06, 2023|
The pandemic has resulted in major changes to the future of work. It has also changed the way criminals devise ways to compromise your network security. Starting now, and into the future, nearly every company will have staff working from home. Businesses have found that work at home options reduce the costs associated with office space and equipment, and in some cases, reduces internal conflict.
Almost everyone has offsite IT support that can fix IT issues on their computer using remote software like AnyDesk. Federal intelligence and cybersecurity officials are issuing warnings about the rise in this type of technology presenting more of a threat. By using social engineering techniques that we teach in our programs, a criminal can dupe your staff into allowing remote access to their computer or network. Nearly all of us have had a tech support person who has requested to take remote control of our PC to fix things. The criminals have discovered this to be an open door into your computer system or PC.
With this ever present growing threat, it is now necessary to train your staff, not only about phishing attacks, but also social engineering techniques that are used to gain control to a system. A call into your financial institution claiming to be XYZ technology could be a direct attack to take over your network. If I were a bad actor, I would initiate my plan by calling into your bank one to three months before my scheduled attack to obtain information from staff on the type of software you have and who is managing it. Then when I'm ready to deploy my attack, I would make a direct call to someone in the loan department who handles the loan origination software, which would be a good target. If I know the keywords to describe your system, I could convince them to give me access to fix the alleged unknown issue. This is similar to the idea of warning consumers about a major car recall, only in this case it would be a ruse to fix your software quickly. Once your staff opens that virtual door, I have bypassed all of your passwords or other security measures.
A few tips to fend off attacks include: consider multifactor authentication using PINs, a biometric, or a key fob; audit the remove access tool used by your financial institution to check for abnormal access; use VPN for any work-related business from home or remote locations. It's also a good idea to determine if your financial institution has any software that can detect and stop this type of attack before it happens.
|
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras sed sapien quam. Sed dapibus est id enim facilisis, at posuere turpis adipiscing. Quisque sit amet dui dui.
Call To Action
Stay connected with news and updates!
Join our mailing list to receive the latest news and updates from our team.
Don't worry, your information will not be shared.
We hate SPAM. We will never sell your information, for any reason.
