Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:00 AM
Chip Witt
Chip Witt
Connect Directly
E-Mail vvv

Security Officers, Are Your Employees Practicing Good Habits from Home?

Even if you can't see your employees in the office, they still need to be reminded that criminals are always trying to spot a weak link in the chain.

When the world shifted to working from home, criminals pounced. Never wanting to miss a chance to capitalize on people in a time of weakness, they stepped up their phishing attacks, created fake COVID-19 information sites, and spoofed government health sites in efforts to access potentially valuable account information.

Related Content:

Struggling to Secure Remote IT? 3 Lessons from the Office

Special Report: Computing's New Normal, a Dark Reading Perspective

New on The Edge: Can Schools Pass Their Biggest Cybersecurity Test Yet?

While those types of attacks and scams have been around for years, people have been more exposed these last few months. With schools closed, students have switched to online learning programs and video calls. Parents find themselves sharing their work laptops with kids to do their schoolwork and join virtual classes. All of a sudden, family and personal accounts for Facebook, Nintendo, Xbox, and Netflix are right alongside office tools like Zoom, Microsoft Office, and corporate email clients.

In some cases, parents have used their work email to create new accounts for their children. They may have even reused the same passwords and shared the credentials with the family. It's easy to imagine parents letting their kids use company Zoom credentials for school calls, and then someone goes and reuses the same login and password to create a Fortnite account.

Then there's the huge boom in online shopping to think about. With stores closed, consumers have turned to e-commerce to get products delivered. In the first half of the year, online spending with US retailers grew 30% — up $60.4 billion — compared with the same period last year, according to the US Department of Commerce. As shoppers have placed online orders with grocery and retail stores for the first time, it's also easy to imagine how many new accounts have been created with reused work credentials — and then shared with family members.

Although security experts recommend using unique passwords for each account, the prevailing practice for most people is to reuse passwords across multiple sites. In fact, SpyCloud's report on password reuse among Fortune 1000 employees found that 76.5% have reused the same password paired with their corporate email on more than one breached account. With the shift to e-commerce likely permanent, along with the continued acceptance and prevalence of remote work, the consequences of those reused and shared logins have staying power.

Criminals love this. If a login and password is ever stolen in a data breach, the information will eventually circulate on Dark Web marketplaces where bad actors buy and sell breach data. Those breached credentials are then available to criminals for credential stuffing, where credentials are tested against other sites to see which additional accounts they can take over. Some criminal tools can even test for common password variations, like changing certain letters to numbers (Password vs. [email protected]) or adding numbers or symbols to the end of a word (password123). If a password has been exposed in one data breach, any other account with a variation of the same password is at risk.

That's exactly what happened to Nintendo account holders earlier this year. On April 24, the company confirmed that attackers were able to access 160,000 Nintendo accounts that were vulnerable because people used passwords that had been exposed in previous data breaches. The criminals behind it were able to extract specific billing and account information from the breached accounts, including rewards points, Nintendo Store, and Nintendo eShop balances, PayPal subscription IDs, credit card types, card expiration dates, currency denominations, the first six digits of the credit card numbers, and the last four digits of the credit card numbers.

So, now what happens when your employee's 10-year-old has one of their online accounts exposed in a breach, and your employee has set up the account with their corporate email and password? Suddenly, the risk to sensitive company email skyrocketed. At work, the company can monitor corporate credentials for breach exposures to keep attackers locked out of work accounts, but when employees reuse exposed passwords across personal logins, they can create a dangerous blind spot for corporate security teams.

Security awareness education — and constant reminders — are necessary. Share relatable scenarios like the ones in this article to teach the dangers of reusing passwords and the need for smart and safe online habits. It may be awhile yet before offices reopen en masse, which means the threats from intermingling personal and professional account credentials will continue. And even after we start going back to the office, criminals will be lurking, waiting to exploit our bad habits.

Security leaders, stay vigilant. Even if you can't see your employees in the office, you need to tell them that criminals are always trying to find a weak link in the chain.

Chip Witt has over 20 years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the Vice President of Product Management at SpyCloud, where he ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Alan Brill
Alan Brill,
User Rank: Author
10/16/2020 | 11:24:38 AM
The Truth is That the Work/Home Difference has Evaporated
The organizational changes resulting from the pandemic are very real, and failing to recognize that the traditional differentiation between the office and home environment are not what they were is likely to have problems. 

Thanks for an informative piece.
User Rank: Author
10/13/2020 | 1:54:53 PM
Great article
Thanks. Very informative
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.