THE RELATIONSHIP BETWEEN TELEWORK AND CYBERCRIME

As we often point out, cybercriminals constantly adapt to new social, political, economic and technological circumstances.

Telecommuting, or 100% remote work, has become an increasingly common working arrangement in both the private and public sectors, especially in companies or entities where office attendance is not an indispensable condition (e.g. digital companies, call centers, software development, start-ups, etc.) or that even become fully virtual (metaverse).

But this new employment situation has its associated risks and threats. Therefore, in today’s TIP we would like to pass on a RECENT WARNING FROM THE U.S. FBI, which has issued an alert about fake candidates who manage to get through the barriers of the selection process and are formally hired as remote employees.

Once they have obtained the necessary access to the systems, they try to get their hands on all kinds of information, commit fraud in the name of the company, or install software (viruses or ransomware) that allows them to collect data or damage the entity. The more technical the vacancy they apply for as fake candidates, the more administration and management privileges they can obtain.

HOW CAN WE AVOID THIS?

By applying the Zero Trust principle at all times, even to known and duly authorized users. This implies, among other things:

  • Before hiring a candidate, check through official channels his or her qualifications, references and any other employment information that will allow us to verify his or her identity.
  • Never hire blindly and 100% remotely. It is important to have some kind of interaction beyond teleconferencing, even if this means that either the new employee or the employer will have to travel at some point.
  • Guarantee the principle of least privilege, not allowing an employee, even one who works geographically in another country, to have administration permissions that let them install and uninstall software without any kind of control or telematic supervision.
  • Require two-factor authentication to ensure that there is a trace, as far as possible, of connections to systems and of information or communications traffic, not only incoming but also outgoing (e.g. via VPN).
  • Constant monitoring of systems. This is achieved through security elements (antivirus and firewall), but also, if possible, through a SOC system or service that allows early recognition of inappropriate, anomalous or even fraudulent activities. It is complemented by periodic reviews of the activity logs of the platforms and cloud services used, in order to assess whether users are uploading, editing, printing and deleting documents and information in accordance with the authorized activities and functions related to their position or role.
  • At the slightest suspicion, even about a colleague, report it to your line manager and the IT department. The company’s management and auditors can, if necessary, block access and carry out a control audit (preferably through computer experts), in accordance with the principles of proportionality, appropriateness and necessity, and always under reasonable suspicion of fraud or infringement.
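
The periodic log review described in the monitoring point above, as an added example that is not part of the original article: a Python sketch that compares each logged action with what the user's position is authorized to do and flags deviations for follow-up. The log columns, role names, sample rows and delete threshold are constructed assumptions, not taken from any specific platform.

```python
import csv
import io
from collections import Counter

# Constructed role policy (assumption): actions each position is authorized to perform.
ROLE_ALLOWED = {
    "developer": {"upload", "edit"},
    "support": {"edit", "print"},
}
# Constructed threshold (assumption): more deletes than this per user per day is flagged.
MAX_DELETES_PER_DAY = 3

# Constructed sample of an exported cloud activity log (not real data).
SAMPLE_LOG = """timestamp,user,role,action,document
2024-05-06T09:12:00,alice,developer,upload,design.md
2024-05-06T09:40:00,alice,developer,edit,design.md
2024-05-06T10:05:00,bob,support,print,invoice-17.pdf
2024-05-06T23:51:00,carol,developer,print,customers.xlsx
2024-05-06T23:52:00,carol,developer,delete,customers.xlsx
2024-05-07T02:10:00,dave,intern,upload,notes.txt
"""

def review_activity(log_text, role_allowed=ROLE_ALLOWED, max_deletes=MAX_DELETES_PER_DAY):
    """Return a list of (user, reason, detail) findings for manual follow-up."""
    findings = []
    deletes = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        user, role, action = row["user"], row["role"], row["action"]
        allowed = role_allowed.get(role)
        if allowed is None:
            # Unknown role: flag it instead of silently skipping the event.
            findings.append((user, "unknown-role", f"{role}:{action} {row['document']}"))
        elif action not in allowed:
            findings.append((user, "unauthorized-action", f"{action} {row['document']}"))
        if action == "delete":
            # Count deletes per user and calendar day (first 10 chars of the timestamp).
            deletes[(user, row["timestamp"][:10])] += 1
    for (user, day), count in sorted(deletes.items()):
        if count > max_deletes:
            findings.append((user, "bulk-delete", f"{count} deletes on {day}"))
    return findings

if __name__ == "__main__":
    for finding in review_activity(SAMPLE_LOG):
        print(finding)
```

Findings are leads for the line manager and IT department to examine, not proof of fraud; the policy table should mirror the functions actually assigned to each position.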