Cybersecurity Awareness in a Mid-Pandemic World

We are all currently living in a mid-pandemic world, and life as we know it for now has changed. But change is not necessarily bad or good, as long as we have the resources and support to help us navigate the new norms and the way we experience work. Just as how ISA had defined a COVID-19 BCP (business continuity plan) to provide the same level of service to our managed clients as they have come to expect, other tech companies around the world have also set up their employees to work from home in order to maintain business as usual. 

Homes have become newfangled offices, and an unprecedented number of workers are currently adopting unaccustomed systems and approaches to deliver work. Even before the pandemic, a survey from Regus Canada revealed that 47 percent of Canadian employees work from outside their main office for half the week. Canada is below the global average of 54 percent and also trails behind countries like China and India, with 60 and 65 percent of employees working remotely, respectively.

The newly-discovered workplace is encountering new realities. For instance, boundaries between work and private life have neutralized. Employees are using home Internet service providers, personal devices, and unmanaged network components to access corporate systems and information. Because of the notable share of people working from home, there is an increase in technology utilization. Most notably, there is a rise in popularity in communication and conferencing tools. For instance, in three months, Zoom’s usage has increased from an average of 10 million daily users to 200 million users. At the same time, employees enjoy greater autonomy and flexibility while practicing self-motivation working from home.

Cybersecurity Risks of Working from Home

Existing and new cybersecurity threats are on the rise. Cybercriminals are preying on remote workers’ desire to get news and uncertainties about the current happenings. It is important to note that every time an employee connects their devices to a corporate network from home, they inevitably create possible entry points for hackers to access company systems and information clandestinely.

Here are some of the wide-ranging security challenges of working from home:

1.    Use of insecure personal devices

Remote workers introduce cyber risks when they use their equipment that security teams cannot concretely monitor for malicious traffic. Typically, users do not patch software installed on their devices. This observation led to the discovery that 60 percent of breaches involve vulnerabilities for which a patch was available but not applied.

In other situations, companies provide employees with laptops likely protected by endpoint security tools. By all means, unless you are the CEO, security personnel will not come to your apartment to sort your cybersecurity needs. It, therefore, remains a challenge for organizations to ensure that remote devices, both personal and company-issued, have updated security software and infallibly configured network connections.

2.    The surge in Coronavirus-themed cyber risks

The ongoing coronavirus pandemic has drawn away everyone’s focus from cybersecurity presently as people and businesses give precedence to safety and ordinary course of operations. The situation has undoubtedly forced many companies to grant remote access to critical systems hastily. Recently, the World Health Organization warned that impersonators were posing as the agency to steal money and sensitive information. During a pandemic, information about vaccines or cures related to a disease is invaluable. In that event, hackers spread malware to people with such information to trick them into opening malicious attachments and links. Home users and businesses should be worried about the COVID-19 malware that infects systems and devices and steals passwords and other sensitive data. Security experts estimate that 80 percent of text and email scams distributed at the moment are coronavirus-themed attacks purporting to be messages from employers, governments, or the WHO with information on how to handle the disease.

3.    Use of insecure home network components

Most users have never reconfigured their router passwords after installation. They still use default credentials that are weak, candidly known, and searchable based on the device vendor. In effect, cybercriminals crack home router passwords to capture the network devices and turn them into bots. Hacked routers allow hackers to spy on remote workers as they send information online.

Cybersecurity Measures While Working from Home

Prevalent cybersecurity measures deployed at the workplace cannot adequately protect company information and systems while accommodating a record high number of remote workers. In this situation, businesses need to reconsider their cybersecurity strategies to impede cyber risks of working from home.

1.    Employee awareness training

Companies should share awareness information to help employees to identify malicious emails and phishing attempts. Employees should understand the basic security practices, such as protecting their devices from physical theft, using complex passwords, and report incidents right away. Enterprises should establish effective means for employees to contact security officers in case of doubt regarding their online experiences. 

2.    Use virtual private networks (VPNs)

Employees should avoid connecting to corporate networks via insecure networks, such as free and open Wi-Fi. The unstable connection allows cyber attackers in the near vicinity to snoop and steal sensitive information in the traffic. Businesses should ensure they have corporate VPN solutions that can sustain an increasing number of simultaneous connections from a high number of employees working at home.

3.    Home network segmentation

Remote workers can consider purchasing router kits that allow them to segregate their home networks. In this case, they can separate the Internet of Things devices, such as security cameras and speakers, from the system used to access corporate data to restrict the attack surface further.

4.    Use secure and trusted technologies

Working from home has resulted in an influx in the adoption of technology solutions such as Skype and Zoom. Unfortunately, some vendors had not designed their products with the foresight of having millions of users relying on their platforms in countless ways. The trend is presenting cybersecurity challenges that solution providers had not anticipated. For instance, cybercriminals and security researchers have discovered numerous security flaws affecting Zoom’s Windows and Mac devices. Hackers could exploit a weakness in the Zoom chat feature to steal user credentials. As a result, businesses should ensure that remote workers are accessing corporate applications and information via secure applications and encrypted communication channels.

At the same time, businesses should encourage employees to use corporate computers, especially in situations where a BYOD policy is unavailable. Teleworking staff can rely on company-issued computers that have up-to-date security tools, such as antivirus and antimalware, and a replacement plan for failing and obsolete software. 

5.    Re-configure default network device passwords

Remote workers should change router passwords before connecting to their home network to access company information and systems. That way, hackers require more resources and skills to crack new complex passwords to hijack a router and spy users or convert it to a bot.

Ultimately, the massive influx of people working from home will continue to expand the cyber attack surface. As employees work remotely for businesses to stay afloat, hackers are tweaking their attacks to exploit fear and uncertainties during the coronavirus pandemic.  ISA cybersecurity specialists have over 28 years of demonstrated industry excellence in securing organizations that allow employees to work from home. ISA assures customers that the specialists are available to protect their online activities even in uncertain times. Partner with us today to protect your business from cyber risks of working from home.