The COVID-19 pandemic has fundamentally changed the way business is being done, with an estimated 57.7% of Americans (roughly 85 million people) now working from home. While there are benefits to remote work for employers such as greater flexibility and an increase in productivity, there are also risks of which to be aware, particularly at a time when so much of the workforce has gone remote. One such risk is a significant uptick in cyber threats.
It’s estimated that between January and March, coronavirus-themed phishing lures, malware infections, network intrusions, scams, and disinformation campaigns have become rampant across the clear, deep, and dark web.2 Research from Barracuda Networks indicates that the number of attacks from phishing scams grew from 1,188 in February to 9,116 in March. The most common COVID-19 phishing scams involve emails from spoofing authoritative sources such as the CDC (Centers for Disease Control), the WHO (World Health Organization) and a business’s HR department. There have also been multiple reported cases of malicious COVID-19-related Android applications that give attackers access to smartphone data or encrypt devices for ransom.
Cybercriminals Exploiting Today’s At-Home Work Environment
Remote workers are easy targets of cybercriminals. Within a couple of weeks of state and local safer-at-home recommendations, businesses had to scramble to provide employees with tools to work from home, including devices and video-conferencing applications. In many cases, businesses weren’t able to deploy the right technologies or corporate security policies to ensure that all corporate-owned or corporate-managed devices have the exact same security protections, regardless of whether they’re connected to an enterprise network or an open home Wi-Fi network.
In addition, employees are using unencrypted and unsecured home computers and cell phones to perform work. As a result, threat actors are targeting the most popular platforms, such as email, messaging, video, virtual private networks (VPNs), and home networks to compromise data and confidential information, steal remote access credentials, and spread malware for monetary gain.
Up Security Measures to Mitigate Cyber Risks
There are a number of measures remote workers should take to mitigate the threat of cyber risks:
- Maintain good password hygiene, including using complex passwords and changing them frequently
- Update systems and software on a timely basis including on mobile devices
- Never use public Wi-Fi or a Hotspot for work
- Use a VPN originating from a trusted connection within the organization to ensure ongoing access to corporate tools
- Be wary of COVID-19 scams, resist the urge to click links in a suspicious email; check out these resources for more information: Coronavirus Scams: What the FTC Is Doing and COVID-19 Fraud
- Avoid using work devices for personal matters
- Recognize the signs that your computer is affected and contact IT immediately
In addition, employers should implement the following best practices to help prevent cyber-related losses in today’s remote environment:
- Meet with your IT staff to identify vulnerabilities as a result of more employees working remotely. Prioritize protecting your most sensitive information and business-critical applications.
- Define and provide clear remote-work policies and procedures to all staff for a secure environment. Document security best practices, and ensure your employees understand to whom they should communicate about any suspicious activities.
- Ensure all business-owned or managed devices are secure, and extend the same network security best practices that exist within your organization to all remote environments. These practices include:
- Securely connecting users to their business-critical cloud and on-premise applications, such as video teleconferencing applications
- Protecting laptops and mobile devices, including VPN tools with encryption; ensure that the latest versions of VPNs are used and patches are applied promptly
- Enforcing multi-factor authentication
- Ability to block exploits and malware
- Ability to filter malicious domain URLs to thwart common phishing attacks
Businesses and their employees should be following strong cybersecurity practices to protect against the threat of cyber-related risks and to keep remote employees working productively.
Owens Group provides a broad range of products for individuals, families and businesses. For more information, please contact Maureen Conn at 201-408-3514 or mconn@owensgroup.com about personal insurance products and Jean Dennehy at 201 408-3506 or jdennehy@owensgroup.com about business insurance products.