Staying Cyber-Secure While Working From Home

The coronavirus crisis has forced most people to work remotely. Oracle, Apple, Google and Amazon are among the largest global companies that restricted travel and asked their employees to stay home. Nearly all organizations (97%) have cancelled work-related travel, an 80% increase since March 3. And across the world, as leaders continue to evaluate the path forward,  businesses of all sizes and types are rethinking the workplace and requiring employees to stay put in precaution against the disease.

A different kind of virus scare

But there’s more to worry about than the virus itself. Hackers have wasted no time figuring out how to exploit COVID-19 and the fact that most workers are working from home. There has been a dramatic uptick in cyberattacks trying to take advantage of the coronavirus outbreak. Indeed, while you are trying to avoid getting infected with a real virus, cyberthieves are trying to infect your devices with computer viruses aimed at gaining access to personal and private information.

Cyberthreats, including phishing scams and malicious code, are spiking as online criminals take advantage of the coronavirus to attack vulnerable remote systems. According to global information security firm Zscaler, the number of attempted data security hacks increased 20% in March. This number is on trend with similar and steady increases since January.

The C-suite is concerned

The increased risk has captured the attention of C-suite executives. More than one-third of senior technology executives surveyed by CNBC say that cybersecurity risks have increased as a majority of their employees work from home. About 85% of companies surveyed say that at least 50% of their employees are now remote, and cyber concerns are running high as a result. Businesses should anticipate that bad actors will assume that people aren’t manning the gates, providing them with an opening.

Don’t fall prey to a hack

One of the fastest-growing tactics is to use the coronavirus crisis as a ruse. Hackers lure victims with the promise of information or protection from COVID-19. One example is an email where a sender, pretending to be from the Centers for Disease Control and Prevention, urges a recipient to open a link. This link then deploys malware that invades the receiving device, looks for security vulnerabilities, and ultimately is used to gain access to connected networks and information.

Another scam involves pointing people to an online map that purports to track COVID-19 cases, but actually steals usernames, passwords and credit card numbers stored in your browser. The “Coronavirus map” plays on people’s emotions and anxiety, causing us to act more recklessly than we might do otherwise. Hackers have quickly taken advantage of this vulnerability.

Bad actors are also acting like common services that are now on the minds and on the devices of people sheltering in place. This comes in the form of both email and text messages that appear to be from legitimate sources but are not. Watch for bogus outreach from content providers like “Netflix,” “Hulu” and “Amazon,” and loan providers like “Chase.” Check the return addresses and links. And if it seems odd that you are getting the message, it is.

What can businesses do?

If you have workers at home, be extra vigilant and warn employees to be aware of the wide variety of devices connected to home networks. Smart thermostats, gaming consoles, baby monitors, TVs, and possibly even cars all could be vulnerable points of cyberattack. The best defense is to make sure they are protected with a strong password and have had all system updates applied.

Hackers know full well that home networks aren’t as secure as those in offices. Employers should work with employees to shore up their defenses. Home Wi-Fi most often doesn’t have the same security in terms of firewalls and anomaly detection monitoring that exists in corporate environments. Even corporate remote VPNs are open to increased vulnerabilities. Most organizations simply did not anticipate the vast majority of their employees would all have to work from home all of a sudden. Now is the time to stress-test systems before falling prey to an attack.

What do workers do?

As more people work from home and anxiety mounts, expect cyberattacks of all sorts to take advantage. Here are three expert cybersecurity tips for home-working.

1. Use Multifactor Authentication. You can provide enhanced security using multifactor authentication, a system that verifies a user’s identity by requiring multiple credentials. These typically include several things: something you know (a password), something you have (a key fob or a SIM card), and something specific to you (a thumb print, a location, or a specific time). By adding these additional layers of security you make it harder for bad guys to log in as if they were you.

2. Use a Virtual Private Network. Having a VPN that sits on your PC, laptop, or mobile device creates an encrypted network connection that makes it safer for workers to work from home. Once connected, employees are able to access company resources and information on the network just as if their devices were physically plugged in at the office. While you are connected the data sent back and forth through your Wi-Fi is protected by encryption and security protocols to help keep it private and secure.

3. Use the Company Computer. It may be tempting to use your smartphone and your home computer as you work remotely, especially as you “multitask” between binge-watching Netflix and checking the news. But experts stress that workers should conduct work from home using only IT equipment provided by employers. The reason for this is that there is often a range of software installed in the background that keeps data secure. If a security incident took place on an employee’s personal device, the organization – and the employee – may not be fully protected.

Moving forward

The coronavirus is hitting the world’s economy hard, creating great uncertainty for both employees and employers. To make matters worse, information security is also at increased risk. With luck, we’ll be successful in outlasting the effects of COVID-19 on business and society, but it will clearly take time. While you work to reduce your risk of infection during the pandemic, be careful to attend to the increased cyber-risks that have emerged. Stay vigilant yet optimistic, and we’ll all get through this together. 

Kevin Craine is the managing director of Craine Communications Group. He is writer, podcaster and technology analyst, as well as the author of the book Designing a Document Strategy and a respected authority on document management and process improvement. He was named the No. 1 ECM Influencer to follow on Twitter.