Author: Matthew Craig
Date: January 26, 2021

This is the second article in our 4-part Cybersecurity series:

  1. Cybersecurity & Cyberattack Terms
  2. Changes since ‘Work from anywhere’ became prevalent
  3. The business impact of cyberattacks
  4. Cybersecurity best practices

As our jobs are changing due to the pandemic, cybercriminals' practices are also changing to take advantage of new opportunities. What are those opportunities? How will their new game plan impact you and your company's security?

In this article, we will look at how cybercriminals have changed their tactics and what you should be looking for to avoid their traps.


Security risks exposed by ‘work from anywhere’

Early March 2020 in the United States found most people commuting to their office and working on company-issued workstations. Once the pandemic came into full swing, the work environment changed drastically, with nearly everyone utilizing remote software to work from home.

For a clear understanding of how remote software works, read our article: Working from home: The right infrastructure for telecommuting success

Utilizing remote software increases a company's threat surface by adding more hardware to the equation. The hardware being used to access company assets is typically not company-owned and therefore not controlled by the company. This presents new opportunities for cybercriminals.

Personal computer security risks:

  1. Security Stack: When working in an office, there are multiple layers of security keeping you and your data safe.
    Many home users get a computer > turn it on > assume once updated everything is secure... it isn’t.
  2. Number of users: I have 3 boys who will click on anything and everything if it looks shiny. I also have a wife who hates remembering passwords (I won’t tell you how she handles that problem... :)
  3. Device Login: 83% of users in America have weak passwords. 35% of Americans never change their passwords. For information on how easily a password can be hacked, read the first article in our cybersecurity series.

The combination of those 3 (especially 1 & 2) makes for a much easier entry point for cybercriminals.

How cybercriminals infiltrate your computer:

In 2019 personal computers were twice as likely to be compromised as business computers. Now with many people working from home on personal computers, that number is projected to double.

I was recently on a webinar from one of our vendors and they presented this slide pertaining to phishing attacks in the United States.


These numbers are telling of where cybercriminals are shifting their focus. Now that personal computers are being used to access corporate networks, cybercriminals are focusing their efforts on this less secure entry point.

OK... but what do these attacks look like?

91% of cyberattacks start with a phishing email. What does a phishing email look like? Below are a couple of examples:

If there is a link in an email and you don’t personally know the sender, OR it is worded in a way the sender wouldn’t normally communicate, don’t click the link or download an attachment. If something looks off, it probably is.
  • Taking action on this email would have given you the coronavirus (a mask wouldn’t have helped this one).
  • The request to click a link to get more info seems legitimate mostly because it is well worded and has an official look. Don’t be lulled into thinking it’s safe.
An email pertaining to business will typically be from a domain related to the company. If it’s from @gmail.com, @live.com, @hotmail.com, or @yahoo.com (like above), it should not be trusted without further investigation.
  1. You’ll notice that there is no action to take on this email other than replying. So what could happen if you reply?

  • A typical email reply from a company email account will have your company signature. From that they can get a lot of information about your company (location, name, department)
  • With a known active email signature cybercriminals can easily recreate that signature and start phishing your customers and vendors
  • It will flag your email as active. Known active emails can be sold.
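
The two checks described above (a business email sent from one of the four free webmail domains, and a link or attachment from a sender you don't know) can be applied automatically to a raw message. The following is an added example, not part of the original article; the flag names, the `known_senders` allow-list, and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# The four free webmail domains named in the article.
FREE_WEBMAIL = {"gmail.com", "live.com", "hotmail.com", "yahoo.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def triage(raw, known_senders):
    """Return warning flags for one raw email (headers + body as text)."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    flags = []
    # Business mail arriving from a free webmail domain needs a second look.
    if addr.rpartition("@")[2] in FREE_WEBMAIL:
        flags.append("free-webmail-sender")
    has_link = has_attachment = False
    for part in msg.walk():
        if part.get_filename():
            has_attachment = True
        elif part.get_content_maintype() == "text":
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            has_link = has_link or bool(URL_RE.search(body))
    # Links and attachments only count against senders you do not know.
    if addr not in known_senders:
        if has_link:
            flags.append("link-from-unknown-sender")
        if has_attachment:
            flags.append("attachment-from-unknown-sender")
    return flags

# Constructed sample data (hypothetical names, reserved example domains).
KNOWN = {"jane@acme.example"}
PHISH = ('From: "Acme Payroll" <acme.payroll@gmail.com>\n'
         "Subject: Action required\n\n"
         "Verify your account: http://portal.example.invalid/verify\n")
COLLEAGUE = ("From: Jane <jane@acme.example>\n"
             "Subject: Notes\n\n"
             "Notes are at https://intranet.acme.example/notes\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("COLLEAGUE", COLLEAGUE)):
        print(name, triage(raw, KNOWN))
```

A flag here means "investigate further", in line with the article's advice; it is not proof that a message is malicious.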

My personal email practice, if the email appears legitimate, is to go directly to the website where the email wants me to take action (verify password, check account status, review my extended warranty...). Doing this alleviates clicking on links or downloading a form (aka virus) from an email.

There are other less common methods used by cybercriminals. For more information on those methods, read our first article in this cybersecurity series.

We’ve made it through part 2...

At this point, you could start adding cybersecurity terminology to your resume, but I still wouldn’t challenge the IT Cave dwellers just yet.

In part 3 of our cybersecurity series we will look at cybercriminals' ultimate target and how breaches affect those companies.

I know you are all waiting on the 4th and final entry in this series, where we will look at what you can do to protect yourself from cyberattacks. With the first 3 articles under your belt, you will have an understanding of how cyberattacks are initiated and how likely you are to be targeted, making that final article impactful and easier to understand.

Stay tuned for the last 2 cybersecurity articles coming soon...


Cybersecurity Part 2: Changes since ‘Work from anywhere’ became prevalent

Cybercriminals' practices are changing to take advantage of new opportunities. How will their new game plan impact you and your company's security? Let's find out...

Matthew worked with Agave IT Services as a Brand & Content Consultant through 2020. He managed our company transition from Agave Solutions Inc. to Agave IT Services (dba). From our logo to our online presence and business operations platform, Matthew created a solid foundation able to support our growth into the future.


Agave IT Services

We are an IT Services and technology company serving the southwestern United States since 2003. We specialize in supporting, managing, and deploying technologies for the AEC industries' unique requirements. We differ from the typical IT service provider in that we handle ALL your technology needs, freeing you to focus on your core business.
