If you hire remote workers you should be doing a deep dive on your recruiting, hiring, and onboarding processes to understand how you are confirming the identity of the person you are hiring.

There are an estimated several dozen “laptop farmers” that have popped up across the U.S. as part of a scam to infiltrate American companies. Americans are being scammed to operate dozens of laptops meant to be used by legitimate remote workers living in the U.S. What the employers and the farmers don’t realize is that the workers are North Koreans living abroad but using stolen U.S. identities. Once they get a job, they coordinate with an American who can provide some “American cover” by accepting deliveries of the computer, setting up the online connections and helping facilitate paychecks. Meanwhile, the North Koreans log into the laptops from overseas every day through remote-access software.

CrowdStrike recently identified about 150 cases of North Korean workers on customer networks, and has identified laptop farms in at least eight states. While the primary goal for these workers might be to steal money in the form of cashed paychecks from American companies, many of them are also interested in stealing data for espionage or to use as ransom.

At this point, with the speed of AI advancement, this risk is only going to increase for remote-first companies. Get your Security, HR, and Legal teams together to start discussing how you can mitigate this risk. You should even think about recent new hires where this could have potentially occurred and do some investigation.

One possible mitigation is to force new hires in certain high-risk roles to come onsite during their first week for onboarding to get their company laptop. During the recruiting process, the recruiter should discuss the mandatory onsite onboarding and ask if they would be available to come onsite their first week for onboarding and to receive their laptop. The I-9 verification should also be done during this onboarding. I would also recommend heightened monitoring on new hires’ devices to ensure there are no red flags indicating suspicious or malicious behavior.

I think it’s easy to overlook this risk and think it would be obvious to tell that you hired someone in North Korea, but these scams are getting sophisticated and AI is only going to make it harder to detect.

Link to article: https://lnkd.in/e3iAmshM
Addressing Cybersecurity Gaps in Remote Work
Summary
Addressing cybersecurity gaps in remote work means tackling the risks that arise when employees work outside the office, such as identity fraud, data breaches, and unauthorized access. With the rise of remote work and sophisticated scams like employee impersonation, businesses must take proactive measures to safeguard sensitive information and protect their workforce.
- Verify employee identities: Use secure methods to authenticate employee credentials, such as in-person onboarding or third-party identity verification services, especially for remote positions in sensitive roles.
- Strengthen device security: Provide company-issued devices with endpoint security and enforce two-factor authentication to prevent unauthorized access and data breaches.
- Monitor and train staff: Regularly train employees to recognize potential threats like phishing or deepfakes, and implement tools to flag suspicious login patterns or irregular employee behavior.
In August, a Nashville man was indicted for running a "laptop farm." He allegedly convinced companies to hire him as a remote worker but instead of doing the work, downloaded and installed software on company computers that granted access to foreign bad actors posing as workers, breaching company security and funneling money abroad. This may sound like an outlandish story, but easy access to AI-generated audio and video heightens the risk of employee impersonation.

Ways for companies to protect against employee impersonation:

Before hiring:
• Running background checks (and following state/local notice and disclosure requirements)
• Vetting educational and employment background
• Using secure methods for checking identity and work authorization. Especially for sensitive roles that are fully remote, consider flying the candidate out to meet in person or hiring a vendor who can vet their identity in person.
• Requiring employees to sign robust confidentiality agreements

During employment:
• Working with IT/InfoSec to develop best practices for securing company data
• Monitoring employee login patterns and downloads
• Developing protocols for exchanging money and sensitive information (for example, requiring multiple points of verification)
• Even if you don’t regularly work on video, doing this occasionally.
• Training managers to keep an eye out for suspicious activity

After employment:
• Reminding employees of their confidentiality obligations
• Securing company data immediately upon separation and monitoring use when employees give notice of resignation
• Reviewing hardware that is returned and properly wiping equipment

What else?
This article highlights that a St. Louis federal court indicted 14 North Korean nationals for allegedly using false identities to secure remote IT jobs at U.S. companies and nonprofits. Working through DPRK-controlled firms in China and Russia, the suspects are accused of violating U.S. sanctions and committing crimes such as wire fraud, money laundering, and identity theft. Their actions involved masking their true nationalities and locations to gain unauthorized access and financial benefits.

To prevent similar schemes from affecting your businesses, we recommend a multi-layered approach to security, recruitment, and compliance practices. Below are key measures:

1. Enhanced Recruitment and Background Verification
- Identity Verification: Implement strict verification procedures, including checking legal identification and performing background and reference checks.
- Geolocation Monitoring: Use tools to verify candidates’ actual geographic locations. Require in-person interviews for critical roles.
- Portfolio Validation: Request verifiable references and cross-check submitted credentials or work samples with previous employers.
- Deepfake Detection Tools: Analyze video interviews for signs of deepfake manipulation, such as unnatural facial movements, mismatched audio-visual syncing, or artifacts in the video.
- Vendor Assessments: Conduct due diligence on contractors, especially in IT services, to ensure they comply with sanctions and security requirements.

2. Cybersecurity and Fraud Prevention
- Access Control: Limit access to sensitive data and systems based on job roles and implement zero-trust security principles.
- Network Monitoring: Monitor for suspicious activity, such as access from IPs associated with VPNs or high-risk countries.
- Two-Factor Authentication (2FA): Enforce 2FA for all employee accounts to secure logins and prevent unauthorized access.
- Device Management: Require company-issued devices with endpoint protection for remote work to prevent external control.
- AI and Behavioral Analytics: Monitor employee behavior for anomalies such as unusual working hours, repeated access to restricted data, or large data downloads.

3. Employee Training and Incident Response
- Cybersecurity Awareness: Regularly train employees on recognizing phishing, social engineering, and fraud attempts, using simulations to enhance awareness of emerging threats like deepfakes.
- Incident Management and Reporting: Develop a clear plan to handle cybersecurity or fraud incidents, including internal investigations and containment protocols.
- Cross-Functional Drills and Communication: Conduct company-wide simulations to test response plans and promote a culture of security through leadership-driven initiatives.

#Cybersecurity #HumanResources #Deepfake #Recruiting #InsiderThreats
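One way to turn the device and login monitoring recommended in the posts above into a concrete check, as an added example that is not from any of the posts or the article they cite: it flags managed laptops that share one public IP across several employees, as a laptop farm would, and remote-access tools running on new-hire devices. The record fields, thresholds, tool watchlist and sample check-ins are assumptions constructed for illustration.

```python
from collections import defaultdict

# Illustrative watchlist (assumption): list the remote-access tools your
# own software inventory does not sanction.
REMOTE_ACCESS_TOOLS = {"anydesk", "teamviewer", "rustdesk"}

def rec(employee, public_ip, days_since_hire, processes):
    return {"employee": employee, "public_ip": public_ip,
            "days_since_hire": days_since_hire, "processes": processes}

# Constructed device check-ins, shaped like a flattened MDM/EDR export.
# IPs come from documentation ranges; 198.51.100.7 plays the office egress.
CHECKINS = [
    rec("alice", "198.51.100.7", 400, ["chrome.exe", "slack.exe"]),
    rec("dave", "198.51.100.7", 35, ["chrome.exe"]),
    rec("erin", "198.51.100.7", 900, ["outlook.exe"]),
    rec("bob", "203.0.113.50", 12, ["AnyDesk.exe", "chrome.exe"]),
    rec("carol", "203.0.113.50", 30, ["anydesk.exe", "teams.exe"]),
    rec("frank", "203.0.113.50", 5, ["chrome.exe"]),
    rec("grace", "203.0.113.99", 700, ["TeamViewer.exe"]),
    rec("heidi", "203.0.113.120", 20, ["rustdesk.exe", "chrome.exe"]),
]

def laptop_farm_signals(checkins, known_egress=frozenset(),
                        new_hire_days=90, shared_ip_min=3):
    """Return {employee: [reasons]} for check-ins with laptop-farm indicators."""
    employees_by_ip = defaultdict(set)
    for c in checkins:
        employees_by_ip[c["public_ip"]].add(c["employee"])

    findings = defaultdict(list)
    for c in checkins:
        ip, peers = c["public_ip"], employees_by_ip[c["public_ip"]]
        # Many employees behind one residential IP is the farm pattern;
        # office and corporate VPN egress IPs must be allowlisted.
        if ip not in known_egress and len(peers) >= shared_ip_min:
            findings[c["employee"]].append(
                f"shares {ip} with {len(peers) - 1} other employees")
        # Normalise "AnyDesk.exe" -> "anydesk" before matching the watchlist.
        names = {p.lower().removesuffix(".exe") for p in c["processes"]}
        tools = sorted(REMOTE_ACCESS_TOOLS & names)
        if tools and c["days_since_hire"] <= new_hire_days:
            findings[c["employee"]].append(
                "remote-access tool on new-hire device: " + ", ".join(tools))
    return dict(findings)

if __name__ == "__main__":
    for who, why in laptop_farm_signals(CHECKINS, {"198.51.100.7"}).items():
        print(who, "->", "; ".join(why))
```

Without the `known_egress` allowlist, the three employees behind the office IP are flagged as well, so keep that set current with office and corporate VPN addresses.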