Increased Remote Work is Highly Likely to Increase Cybersecurity Risks During The COVID-19 Pandemic
Executive Summary: COVID-19 is increasing the use of remote work among employers which is highly likely to increase security risk for employers across the globe. In moving employees off-site, employers open themselves up to security risks like unprotected Wi-Fi (e.g. WEP, WPA, neighbor’s WiFi), the use of personal devices for work related matters and increased end-points connected to work networks. Cyber criminals are taking advantage of fear surrounding COVID-19 and using it to accelerate attacks against organizations, primarily with COVID-themed phishing emails and coronavirus-themed watering holes (i.e. domain registrants) online. In response, it is necessary for companies to take prudent steps to inform employees and set up policies that will help protect the confidentiality and integrity of their information as well as maintain the availability of their systems for remote employees.
Tips for Employees to Securely Work From Home:
- First, check with your IT department about a VPN, or virtual private network. This is the most secure way to work with sensitive data remotely because it routes your internet traffic through your work network. If no VPN, then make sure to connect ONLY to trusted home WiFi or personal hotspots like MiFis or LTE when working with sensitive information. Avoid public WiFi - or your neighbor’s WiFi - whenever possible.
- Second, lock your computer when getting up from your home workspace, by pressing Windows+L or Cmd+Ctrl+Q on a mac. This reduces the likelihood that a family member or child could accidentally destroy work material. It’s not a bad idea, either, to securely store your devices when not in use.
- Third, keep work data on work devices. It may be tempting to send work emails with personal accounts, use your personal Cloud storage Drive or offload data to personal devices and USBs. But it will only put your organization and your co-workers more at risk of data breach or data leakage. It's just not worth the risk…
- Fourth and finally, understand that new cyber threats are emerging because of COVID-19, like themed phishing. The Living Security Intelligence Team has observed threat actors impersonating the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC) in emails to employees worldwide. This impersonation is used as a method to manipulate trust and steal money or data from unsuspecting victims. By betraying your trust, cyber criminals try to encourage you to download attachments, click links or browse to COVID-themed websites in the name of charity. It’s OK to have a healthy sense of paranoia and report red flags to your security team.
Discussion: Malicious actors are taking advantage of the coronavirus pandemic by using it as a pretext to compromise organizational networks. Before COVID-19, 57% of Chief Information Officers (CIO) already suspected their mobile workers to be hacked because of lax mobile security and only 46% are confident their employees are using a VPN.
Employers need to encourage employees to avoid untrusted Wi-Fi because of the risks they introduce. Employees should be encouraged to use trusted home WiFi, personal hotspots (e.g. Mi-Fis) or LTE. In addition, a company approved VPN is necessary to route traffic securely through work firewalls. Bottom line? Employees should only access work data on updated work computers connected to trusted WiFi.
Overall, cyber security risk is highly likely to increase during the COVID-19 pandemic due to increasing remote work and malicious actors using the pandemic as a hook to lure in victims. During this time, it is necessary to take extra precaution by setting up policies which will in turn greatly reduce the cyber risk COVID-19 is creating for companies.
The right response to this pandemic is not fear, but a willingness to support and protect. By practicing hygiene and cyber hygiene, instead of kicking back and being indifferent, prudent response will help to contain the impact that COVID-19 can have on our society, our organizations and our families.
Analytic Confidence: Analytic confidence in this assessment is high. Source reliability is largely moderate with no conflict among sources.