More people than ever are working from home, on the road, or accessing their office PC from client sites and hotels. According to WorldatWork, occasional telework has risen dramatically in just the past several years. My experience with the financial services industry shows that more and more accountants are using remote access from client sites to transfer files, or access information back at the office. Some interesting and somewhat startling facts:
- The number of employee telecommuters in the United States increased 39%, from 12.4 million to 17.2 million, between 2006 and 2008.
- The sum of all teleworkers — employees, contractors and business owners — increased 43% from 2003 to 2008, reaching 33.7 million last year.
- Fewer people are teleworking full time; however, more people are working remotely at least once a month.
- The most common locations for remote work are home (87%), a customer’s place of business (41%) and car (37%). Restaurants and libraries are becoming less common locations for telecommuting.
In a previous submission to this newsletter I wrote about some parameters for setting up a remote office. In this article I want to focus on a specific type of threat that can put your business at risk during a remote access session. The threat can do damage even if you have followed all the proper guidelines such as setting up a VPN, creating a secure sharepoint portal, or an encrypted connection like Logmein. In all of these cases you still need to be aware of the security threat posed by keyloggers.
A keylogger is a piece of software that records every keystroke made on a computer. A hacker who installs a keylogger virus on your computer will be able to see everything you type on your machine -- which comes in handy when they want to steal passwords, credit card numbers, bank account numbers, or sensitive client data. (This is truly a business and compliance nightmare!!)
For years, cyber criminals have been installing keylogger viruses on easy-to-breach, publicly accessed machines, such as those used in libraries. But your worry as a remote user probably won't be whatever viruses are crawling all over a publicly used machine -- as statistics show, you're almost definitely using your own computer or a company-provided one for business work. So what you have to beware of is a whole new round of viruses that can be downloaded to your own PC.
Remember that Conficker worm that was supposed to strike on April Fool's Day, and ended up exploding about a week later? One of its most devastating payloads was a keylogger virus.
So to protect yourself from keyloggers stealing your passwords, don't ever use public computers for any procedure that requires a login -- that means everything from checking email to checking a bank balance. And before using your own computer, or when using a client computer to access your office, make sure the antivirus and antispyware definitions are up to date -- and that full system scans are run on a regular basis. (Many people halt system scans or just stop running them altogether because they take up so much processing power. The solution to this issue is to run them at night because they are essential.) Remember that the mere presence of Anti Virus and Anti Spyware software does not guarantee that a PC is clean, the software and the PC require regular and automated updates and maintenance.