Project Warwalk: The COVID-19 Pandemic and Working From Home

Welcome back to the latest Project Warwalk article. In this post, we’re going to build off of what we published last week, so click here to get up to speed for the topic we’re talking about today. To catch up on the earlier articles, click here.

To briefly recap, in our last post we talked about WiFi problems on the home front. This included you, or your family members, accessing your neighbor’s WiFi, or them accessing yours, whether there is permission or not (always ask for permission). This could lead to the spread of malware on your home network or your neighbor’s. On the non-malicious side of the discussion, we talked about how things inside the home, such as concrete, metal, and furniture, affect the signal strength of your WiFi. Outside of the home, how densely populated your neighborhood is can also affect your signal strength and even cause network outages.

Building off of this, let’s talk about the COVID-19 pandemic and work. We’ve already covered some topics here and here toward the beginning of the outbreak.

The COVID-19 pandemic has caused businesses to adapt to a few different models that keep employees productive. Some organizations have transitioned to all employees working remotely. Others use a hybrid model where some employees may be working from a “corporate” main office and some work from home. Lastly, there are some organizations, such as grocery stores, hospitals, and manufacturing, where employees have to be onsite. We’ll focus on the first two models, which entail employees working from home either full time or with access to the main office.

Sticking solely to this series’ theme of WiFi signals and SSIDs, let’s make up a plausible scenario that can impact a business when employees work from home. If a business is security conscious, the setup may look like this: the employee has a laptop (hopefully business owned) with a VPN connection in order to connect to the physical business’ internal network, or cloud servers/services. Some employees may need to use RDP to access other machines in the business enterprise. Some companies may also allow split tunnel VPN to reduce the amount of network traffic being sent to the business network from those working at home, in which case access to non-business resources would rely on the employee’s regular Internet connection.

Here’s scenario one, and we’ll say the employee working from home is allowed to use split tunneling for the business VPN. Now let’s say the employee’s kid gets a DM on social media, or an email, that contains a malicious link/attachment and they open it. The next domino to fall is the kid’s device getting infected, and the infection then spreads throughout the home network. Now, with the kid’s parent on a split tunnel VPN connection, the malware could hit their computer over the home LAN. This gives the malware a chance to infiltrate the business network. The malware could be ransomware, or it could be used to spy on or steal data from the organization. All of this results from a phishing attempt on the employee’s child. Maybe the phishing attempt was planned out to target the kid in the first place. That means this spear phishing attack was deliberate.

Scenario two would play out the same way, minus a phishing attempt and a deliberate/planned attack. It could be as simple as a family member connecting to a WiFi network outside of the home (neighbor, friend, store) that’s infected. Once they return home their phone would automatically connect to the family’s WiFi. Upon connection, the malware may spread across the home LAN. If someone in the home is at work, the outcome is similar to the first scenario where the malware winds up hitting the VPN connection to the business enterprise and ultimately causing a security issue for the company.

The last scenario would be an attack on the work from home employee’s WiFi, whether it was planned or not. If the employee’s WiFi is completely open, or is using protection less than WPA2, the attacker would have a very easy time accessing the home network externally. If the employee is using split tunnel VPN, or something like TeamViewer as a way to RDP to a remote workstation at the business’ physical location, it’s an avenue for the bad actor to use to get inside the organization’s network. This is why it’s important to have all your network-connected devices properly locked down, whether you’re working from home or not.
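To check for the “completely open, or less than WPA2” condition described above, here is an added example (not part of the original post) that classifies networks from a WiFi scan. It assumes a Linux machine with NetworkManager, where `nmcli -t -f SSID,SECURITY device wifi list` produces the terse output shown; the sample scan is constructed, and treating mixed WPA1/WPA2 mode as weak is this example’s own choice.

```python
"""Flag WiFi networks that are open or use protection below WPA2."""

# Constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output.
# Terse mode separates fields with ':' and escapes a literal ':' as '\:'.
# An empty SECURITY field means the network is open.
SAMPLE_SCAN = r"""HomeNet:WPA2
CoffeeShop:
OldRouter:WEP
Legacy\:AP:WPA1
Mixed:WPA1 WPA2
NewMesh:WPA2 WPA3
Office:WPA2 802.1X
"""

def split_terse(line):
    """Split one terse line on unescaped ':' and drop the escape characters."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))   # keep the escaped character as-is
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def classify(security):
    """Return 'open', 'weak', 'ok' or 'unknown' for a SECURITY field."""
    modes = set(security.split()) - {"--"}   # '--' is the non-terse 'none'
    if not modes:
        return "open"
    if modes & {"WEP", "WPA1"}:
        return "weak"   # assumption: mixed mode counts, it still accepts WPA1
    if modes & {"WPA2", "WPA3"}:
        return "ok"
    return "unknown"

def audit(scan_text):
    """Map each SSID in the scan to its classification."""
    findings = {}
    for line in scan_text.splitlines():
        if line.strip():
            ssid, security = (split_terse(line) + [""])[:2]
            findings[ssid or "<hidden>"] = classify(security)
    return findings

def needs_attention(scan_text):
    """SSIDs that are open, weak, or could not be classified."""
    return sorted(s for s, v in audit(scan_text).items() if v != "ok")
```

Running `needs_attention` on a scan taken at home shows whether your own SSID, or one a family device may join nearby, falls into the open or weak group.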

And for the businesses that are now managing a large increase in work from home employees, ensure that you equip the business enterprise with proper controls, security measures, policies, and procedures for the internal network. The same thing goes for employees working from home. As the business owner, you also have to determine where your I.T. support team’s responsibility ends for the work at home employee.

In the previous post, we talked about the non-malicious effects on WiFi, from materials such as concrete, metal, and glass to objects such as furniture and appliances, all of which impact signal strength. We also discussed external influences on signal strength, such as crowded bandwidth from neighbors, which can also contribute to slow connection speeds or network outages. This can impact an employee working on their laptop uploading/downloading large files, as it may take longer. Video conferencing apps can buffer something awful, so it does affect communication.

It will be interesting to see what the aftermath is once the COVID-19 pandemic is over and the disease is under control. How did it impact the security of an organization as a result of working from home? What are your thoughts and observations about this? Use the contact link in the next paragraph to share what you’ve witnessed at your business during this strange time.

We hope this gets you thinking as an employer and an employee of ways to better secure your organization. Click here to contact us if you need help.

See you all next time.