Written by Donald A. Promnitz
The pandemic has millions of Americans working remotely from home to avoid an outbreak in the workplace — but the coronavirus isn’t the only bug that could find its way into the office.
According to cybersecurity professionals, remote work has opened the door for phishing scams, ransomware and other risks and breaches that can come back to bite employees and companies alike. Brian Horton, founder and CEO of Breadcrumb Cybersecurity in Fresno, explained that working away from the office can make an employee far more vulnerable to a hack.
In fact, Horton says his company has a 700% increase in cyber-related losses that can be directly or indirectly attributed to Covid-19 and a work-from-home context.
“When organizations moved to a work-from-home context, they inherited the security risk of the employee’s personal home network,” he said. “Whereas traditionally, they would focus on securing organizational assets, employers were left scrambling to secure remote work environments.”
Company computers typically have better defenses on them as opposed to a personal computer or laptop. A personal device also opens up new information to hackers concerning the private life of the remote worker. This includes such information as: HIPPA reports; social security; tax information; and bank accounts.
Jesse Gibson, vice president of M Cubed Technologies, says remote working has led to a massive increase of cases for his company also. The most common thing Gibson and his team encounters is phishers seeking Microsoft credentials like passwords. Once in, Gibson added that a business’s clients will be at risk just the same.
“That is the same for both internal staff and anyone that you do business with,” he said. “As we are more connected between multiple companies — if a business with multiple clients gets breeched — that runs the risk of infecting others.”
Another key component to user vulnerability is the lack of person-to-person communication, which can be easily exploited by hackers. Joe Fabrie, senior system administrator for BCT Consulting, Inc., says this makes employees working from home the perfect targets.
“That’s what the hackers are depending on,” Fabrie said. “They’re knowing that we’re in these more vulnerable states at home where we can’t see each other, we can’t walk down the office, so we can send these requests and do these different things that the user may before have said, ‘hey, why doesn’t Bob just come down and talk to me?’ Because he can’t.”
In order to better defend oneself from a hack, it’s recommended that company computers and laptops be used even for remote work. Fabrie and Horton also cautioned employees to look closely at emails, for subtle changes to a coworker or employer’s name and spelling — a lower case “L” replacing and upper case “I,” for example. Before clicking a link, verifying the email by phone is encouraged.
But phishing and ransomware alone aren’t the issues posed by the pandemic. Horton added that in addition to hacking, there’s been an increase of cases involving scams, in which online predators pose as banks and other entities to swindle companies out of their payroll protection plan money and other government aid.
In one instance, Horton said hackers compromised the email system of the victim and persuaded the lender to update their banking information.
“When the victim organizations inquired about the monies, the hackers would then impersonate the bank and blame the delay of funding on Covid-19 and the fact that employee were working from home,” Horton said. “By the time the victim organization figured out what was happening, the monies were long gone.”
If an employee is out of the office and not at home, they’re also cautioned about the use to public Wi-Fi, which can be utilized by nearby hackers to gain access to the user’s laptop. A Virtual Private Network (VPN) is a recommended means by which a user can further protect their privacy.
Fabrie made further recommendation to invest in better security systems for personal devices. It may in the end be cheaper than a potential hack.