Hackers Targeting People Working from Home

Commonly-used cloud services are vulnerable to attack


In This Article

• CISA alert issued to home workers

• What are cloud services?

• How do the hacks work?

• Weak employer security

• Recommendations for employees

• Recommendations for employers



Introduction

A recent alert from the Cybersecurity and Infrastructure Security Agency (part of Homeland Security) warned employees and employers that hackers are targeting people working from home by gaining unauthorized access to commonly-used cloud services.

In this article, we'll explain what workers at home (and their employers) can do to avoid becoming a victim of such attacks.


What are Cloud Services?

Cloud services offer functions that used to be done with software installed directly on a worker's computer.

For example, instead of using a spreadsheet application like Excel and saving files on your local drive, you use Google Sheets, which saves the files on a remote server “in the cloud”.

Or instead of using local customer relationship management software, you use something like Salesforce or HubSpot.

Other commonly-used cloud services include file storage (OneDrive, Google Drive, Dropbox), project management (Trello, Asana, Basecamp), messaging (Slack, WhatsApp) as well as things like Google Docs, iCloud, and various AWS services.


What Are the Hackers Doing?

The targets of the hacking mentioned in the recent alert are workers who use both company-issued and personal devices (computers and/or phones).

The hackers use several techniques to lure victims into giving them access to the cloud services.

These include phishing emails, brute force attacks, vishing, and “pass-the-cookie” attacks (where information stored in a web browser is stolen).

In a phishing attack, for example, hackers send an email or text message that appears to come from a cloud service. It might mention a secure message waiting, an expired password, or (in an ironic twist) that the account has been hacked and the user needs to reset it.

These messages look very real, with faked “from” addresses and the logos and colors used by the cloud services.

They contain a link to click, which leads to a page that appears to be legitimate. But the page is actually controlled by the hacker, and its purpose is to collect login information.


Weak Employer Security

Home workers, and their employers, are more vulnerable to these kinds of attacks when there's weak cybersecurity “hygiene” on the employer's end.

Some of these weaknesses include…

  Not enforcing strong passwords

  Using easily guessable email addresses like “firstname.lastname@company.com”

  Not using multi-factor authentication

  Allowing people to forward their work email to their personal email accounts

  Not requiring VPN (virtual private network) access to company email systems or other servers


Recommendations

Cybersecurity experts have recommendations for employers and employees…

For Employers

  Monitor network activity and look for weird out-of-hours activity

  Review logins (and failed attempts)

  Enforce multi-factor authentication and the use of a VPN for remote access

  Review (or prohibit) email forwarding from work accounts to personal accounts

  Provide cybersecurity awareness training to your staff

  Establish blame-free reporting and ensure employees know who to contact

  Disallow use of personal devices
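
As an added example (not from the CISA alert or this article's authors), here is one way to carry out the first two recommendations: reviewing sign-in records for out-of-hours logins and bursts of failed attempts. The log format, business hours and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real data); the line format is assumed.
SAMPLE_LOG = """\
2021-01-18T09:02:11 user=alice src=198.51.100.10 result=OK
2021-01-18T14:30:00 user=bob src=198.51.100.22 result=FAIL
2021-01-19T02:13:40 user=carol src=203.0.113.7 result=FAIL
2021-01-19T02:13:55 user=carol src=203.0.113.7 result=FAIL
2021-01-19T02:14:09 user=carol src=203.0.113.7 result=FAIL
2021-01-19T02:14:31 user=carol src=203.0.113.7 result=FAIL
2021-01-19T02:15:02 user=carol src=203.0.113.7 result=FAIL
2021-01-19T02:16:47 user=carol src=203.0.113.7 result=OK
2021-01-23T11:05:00 user=alice src=198.51.100.10 result=OK
"""

WORK_START, WORK_END = 8, 18     # assumed business hours, local time
FAIL_LIMIT = 5                   # assumed threshold: failures per window
WINDOW = timedelta(minutes=10)   # assumed sliding window for counting failures

def parse(line):
    """Split one record into (timestamp, user, source address, result)."""
    stamp, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(stamp), fields["user"], fields["src"], fields["result"]

def review(log_text):
    """Return (out_of_hours_logins, failed_attempt_bursts) for the given log."""
    out_of_hours, bursts = [], []
    recent_fails = defaultdict(list)   # user -> timestamps of recent failures
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, user, src, result = parse(line)
        if result == "FAIL":
            fails = [t for t in recent_fails[user] if ts - t <= WINDOW] + [ts]
            recent_fails[user] = fails
            if len(fails) == FAIL_LIMIT:          # report once per burst
                bursts.append((user, src, fails[0], ts))
        else:
            weekend = ts.weekday() >= 5           # Saturday or Sunday
            if weekend or not WORK_START <= ts.hour < WORK_END:
                out_of_hours.append((user, src, ts))
    return out_of_hours, bursts

if __name__ == "__main__":
    late, found = review(SAMPLE_LOG)
    for user, src, ts in late:
        print(f"out-of-hours login: {user} from {src} at {ts}")
    for user, src, first, last in found:
        print(f"{FAIL_LIMIT} failed logins: {user} from {src}, {first} to {last}")
```

A successful login that follows a burst of failures for the same account, as in the constructed records for "carol", is the pattern most worth a follow-up with the employee.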

For Employees

  Don't use your personal devices for access to work-related cloud services

  Don't use your work devices for access to personal cloud services

  Be aware of phishing emails and vishing attempts

  Report anything suspicious to your company's IT or security department

  Make sure you use strong passwords on all cloud service accounts


Summary

Hackers are taking advantage of the larger number of people now working from home.

This presents a risk to home workers and their employers when they use cloud services.

Employees and employers can reduce the risk by following the recommendations above.

