September 11, 2020

Who’s Been Sitting at My Desk?

The Unwelcome Office Visitors Who May Have Been in When You Weren’t.

Work-life as we knew it pre COVID-19 may seem some way off, but many organizations are working hard to re-open offices in a safe and secure way. Anyone involved in return to work strategies knows it’s a complicated process, with both practical and psychological barriers to consider and overcome. While cleanliness and employee wellbeing are likely high up the agenda, it’s likely cyber security isn’t a primary focus. After all, it’s more secure working in an office than from home, right?

The answer is not when they’ve been empty for several months. Indeed, there may be threats in existence now that weren’t there when you left. I’ve talked before about the importance of keeping your guard up when returning to empty properties at the end of lockdown – and this applies just as much to your workspace as your home. But don’t worry – the solutions are simple when you know what to look for

Covid crime

The Covid-19 lockdown has been a productive time for some criminals. The sudden adjustment to working from home created many cyber vulnerabilities – from Zoom-bombing to prying smart speakers and everything in between.

On top of this, scammers have had plenty to take advantage of – from faking NHS track and trace requests to exploiting the rise of online purchases, there’s been plenty to do. It’s not surprising, therefore, that online threat levels have risen by as much as six-times higher than normal during the COVID-19 lockdown.

The pandemic has also presented criminals with a unique opportunity to access office spaces that would traditionally be teeming with employees and security staff. Even if your physical security staff have been ever present, the window of opportunity to physically access unsupervised computers and workstations is greater than it has ever been.

The objective is the same, obtaining information is the name of the game whether the target is a specific individual or the wider organization.

Below are just a few methods an attacker may consider using if they’ve had access to your offices. It’s not an exhaustive list, but provides useful insight on vectors an attacker may use to exploit their target:

Man in the middle attack (WiFi Spoofing)

Accessing a deserted office presents the opportunity to set up a fake WiFi hotspot. Using this, a criminal can ‘spoof’ the WiFi and obtain information from your device while connected to it. Any unencrypted information being sent from your device will go through the attackers WiFi.

This information is then susceptible to further analysis which could allow the attacker able to interpret the data coming from the device such as passwords – and gain access to your entire online life.

Key stroke logging

How many times do you walk into the office and check the back of your computer? Hardly ever right? An unsupervised computer may have had a device put in the back which is connected to the keyboard. This may record keystrokes all the way down to how many mouse clicks you make. This device can easily catch information such as usernames and passwords as well as sensitive conversations on instant messenger, and even personal conversations.

Strategically placed USB

A particular favorite of cyber criminals is to strategically place USB sticks around the office. They may further incentivize people to plug these in by marking them up with something intriguing like ‘Confidential’ or ‘Sensitive’. When plugged in the USB invisibly infects a machine, and allows an attacker to gain access to the infrastructure.

Listening devices

Cameras, listening devices or hybrids of both are readily available to purchase online and can easily be deployed in locations where sensitive information is being discussed. Favorite places for criminals to plant these devices are board rooms, or the private offices of a CEO and CFO – criminals in empty offices will have had time to choose their location carefully.

How to keep safe

When you do return to the office, the following steps should flush out anything suspicious:

Eyes wide open

First and foremost check your surroundings – and ask your employees to do the same:

  • If you see any new equipment, find out where it has come from and why.
  • Check the back of your computer desktops to see if there is anything out of the ordinary.
  • Be wary of tailgating as you enter the office.
  • Pay close attention to any physical changes to the office – if anything looks new or different, ask why.
  • Check everything that arrives from an external source.
  • Be wary of accepting gifts or executive desk items – even if they are from a known source.
  • Don’t fall into bad habits – never write down a password.
  • Clear your desk – a clean tidy desk will quickly show up anything that shouldn’t be there.

Ask your IT team to check on the following:

  • Have there been any changes to the WiFi passwords or security mark up i.e.: What type and format of passwords are being used? Is it using a certain type of encryption?
  • Check the IT systems within your comms room, including log files and CCTV to see if there is any unusual activity.
  • Make sure your security policies and procedures are clear, well-communicated and up to date, e.g. your document shredding and retention policy.

Call in the professionals

If you see anything suspicious – or just want true peace of mind, a technical surveillance counter measures inspection (TSCMi) and cyber security audit are the best way of ensuring everything is as it should be.

Gurpreet Thathy

See here more content by Schillings


Newsletter Sign Up

Newsletter Sign Up

Get regular insights direct to your inbox.