Working from home during COVID-19 risks exposure to a different kind of virus
WFH. If you didn’t know what those letters stood for a month ago, then you definitely do now. But as coronavirus has forced us to juggle working from home with childcare, unreliable wifi connections, and the pitfalls of virtual meetings, there’s also a darker side to the story.
The unprecedented number of people working from home has created a sizeable target for cyber attacks. For many employees – particularly those working in sensitive fields – remote working was never part of the equation in normal circumstances. So with organisations rushing to set their teams up with remote workstations, what threats could they have exposed themselves to?
Act now, security later?
The rapid spread of the coronavirus and the sudden implementation of lockdown measures gave companies little time to prepare secure working from home strategies. For James Stickland, CEO of Veridium, this is a primary cause for concern.
“What makes this situation so difficult are the timeframes,” he says. “Where typical changes of this scale are planned, researched, deployed and tested over months and even years, the UK now has just weeks to overcome some very real problems.”
Of these problems, one of the biggest is the additional workload now being placed on VPN, proxy and external services.
“Typically, remote working platforms are designed to cope with sufficient capacity for a fraction of workers,” says Mike Hoy, Infrastructure and Cloud Operations Director at Pulsant, “so any increase in capacity demands will need to be provisioned quickly. This extends to internet bandwidth, both at throughput and carrier levels.”
“Another risk is data leakage,” Hoy continues. “Remote workers are still bound by the same policies, however, the measures to implement and control them will not be present at home. CIOs should consider implementing solutions such as monitoring software for data leak prevention, two factor authentication and network access control.”
As criminals prey on the concerns of the public around the pandemic, there has been a 667 per cent increase in email phishing attacks since the end of February. These might take the form of fake public health announcements, inviting the reader to click through and find out the number of virus cases in their local area, for example.
According to Terry Greer-King, VP EMEA at SonicWall, “More than ever, the public needs to be hyper aware of the interactions they have online, particularly involving the links and emails they open. Cybercriminals do their utmost to take advantage of trying times by tricking users into opening dangerous files, through what they consider to be trusted sources.”
Some things to be wary of are email communications from colleagues with ‘urgent’ in the subject line.
“This will become particularly common as we log in to work from home in the coming weeks,” Greer-King says. “These messages will be used by phishers to trick people into installing malware or to steal login information and gain direct access into your network.”
Time for a rethink
Adequate security strategies take time to build, and cyber criminals will no doubt breach some companies’ defences throughout the course of this outbreak. That said, as with all other areas of business, the coronavirus is giving organisations time for a rethink. The chance to decide if they want to do things differently – if they could better protect their networks, their data, their clients and their employees.
“These circumstances, albeit challenging and worrying, indeed present a long term opportunity for businesses to reassess their security strategies,” Stickland says. “The way the world works will change after this – individuals and businesses will rethink their priorities. Flexible working will be more accepted, security will matter more, and relationships will matter more.”
“In the same way it takes a cyber-breach to invest in improving security, this pandemic will make a number of businesses overhaul their remote working strategies. It will be very interesting to see how the business and security world will change.”
For the latest opinions from our expert guest contributors, subscribe to our newsletter here.