Millions of Americans have been relegated to working from home due to coronavirus pandemic, which has created a whole new reality and accompanying set of challenges. One of these challenges is maintaining the same level of cybersecurity at home normally maintained at the workplace. According to a CNBC survey, one-third of senior technology executives report increased cybersecurity risks now that employees are telecommuting.
Times of crisis, unfortunately, create new opportunities for cybercriminals. People who have been sent home to work are natural targets as they likely do not have the same security protocols in place as they might in their office. Many of these employees are also connecting to company servers and resources in different ways than usual, leaving tiny yet evident loopholes in security systems. And ultimately, employees are now using mobile devices more than ever for work purposes, many of which are not secured nearly as well as personal computers. All these factors put the data and personal information of individual employees and entire companies at risk.
The IT challenges of tele-commuting
IT professionals are experiencing an overflow of support requests as the number of employees around the country in need of work-from-home stations rises. While IT teams are generally able to support a set number of employees working outside the office, the numbers they are facing today are unprecedented. According to cybersecurity attorney Stephen Breidenbach, the very infrastructure of companies may become overwhelmed now that most employees are working from home.
When most employees do not have the protections that they have at work, there are fewer barriers facing cybercriminals. Breidenbach says hackers can easily infiltrate a company’s system and send emails to employees from the IT team, telling them to visit a certain website or requesting certain credentials.
Indeed, there have already been several cyberattacks, including a fake Johns Hopkins coronavirus tracking site that stole the credit card numbers of people who logged in. Additionally, there have been fake emails from the CDC, WHO, and companies asking people to donate to coronavirus funds and the like. Tom Hale, president of SurveyMonkey, reports a significant uptick in phishing attempts since the start of the crisis.
Interfor itself has already been subject to such an attempt (unsuccessfully).
What can companies do to protect themselves and their employees?
According to Ann Johnson, corporate VP of Cybersecurity Solutions Group at Microsoft, the intensified cyberthreats might very well push companies to adopt two-factor authentication. 2FA is effective in preventing phishing and man-in-the-middle attacks, and today, there is no excuse not to implement it.
Adam Gould, a senior VP at Inseego, suggests using a VPN when connecting to company servers. VPNs add an additional layer of protection to personal computers by routing the information to the VPN’s server, allowing users to browse on that server as opposed to their own computers. Other options, according to Gould, are 4G and 5G cellular networks, which are encrypted, and Microsoft’s built-in security, which protects the connection between employee devices and the server.
Another strong measure is simply employee education. Jim Fowler, chief technology officer at Nationwide, says that the insurance provider has been counseling employees about the dangers of bad actors and suspicious websites during the corona crisis. Fowler has also noted that there are many smart devices in people’s homes that can leave them (and the company) vulnerable, including smart gaming consoles, baby monitors, thermostats, appliances, and televisions. Employees can also be taught the gold standard of Internet safety, which is to always look for the source of an email before replying or clicking on any links. The hacking attempt against Interfor was detected and reported by multiple employees.
What happens after Corona?
While there are many cybersecurity issues when it comes to working from home, this situation does not mean that once the COVID-19 crisis is over that businesses will revert to the way they were before. This global crisis is likely to change the way companies operate in a significant way. While many employees will return to the office, a likely outcome is that companies will be more open to remote working and less stuck to the nine to five tradition.
This projection is especially true for companies that are now at last being forced to get a handle on their cybersecurity issues. True, they have been thrown into the deep end but once the crisis passes they are the ones who are likely to come out ahead with cutting edge solutions for warding off cyberattacks.
For additional resources and guidance, the Interfor team is here to help.