The outbreak of COVID 19 has forced organizations to move to a fully remote environment where enterprises are having to manage an entire remote workforce. This change forces organizations to have to rethink their policies, resulting in greater security risks.
Remote work already has its security risks, and when you add the COVID 19 outbreak in the mix, hackers are using this opportunity to alter their attack methods and take advantage of organizations more than ever before.
In a recent article in The Telegraph, our Security Executive Director Andy Riley said the following about the potential for hackers to utilize this pandemic to profit: “The Covid-19 outbreak represents a ready-made pretext for cyber criminals to socially engineer. It is the perfect time to hold an organization that is already overtaxed with patient flow and uncertainty to ransom.”
To understand how to prevent these threats, it’s important to understand your risks when working remote.
Wi-Fi: There are a number of different attack methods through Wi-Fi. Since Wi-Fi traffic is broadcast using wireless signals, anyone who intercepts these signals (and has the Wi-Fi password) can see the traffic. In addition, when employees work from home, they connect to their “secured” network. While it may not be public Wi-Fi, it typically does not have the same protections as the network used in the office. The endpoints of your Wi-Fi connection are also vulnerable to attacks, where hackers can access your laptop is by setting up fake websites or landing pages that then grant them access to the entire network.
Phishing Emails: While phishing emails always tend to be a risk to organizations, the outbreak of the Coronavirus, also known as COVID-19, provides cybercriminals with the perfect pretext for their phishing emails. Phishing is a dangerous tactic and is widely used based on the ease of use for hackers.
Email is a very fast and easy way to spread this malicious content. Phishing can go from someone simply sending you to a bad webpage to complete ransomware encryption to credentials being leaked, which can open the doors for other attacks using valid credentials. The list goes on and on when you're talking about email as a threat vector.
Personal Devices: A lot of times when people move to remote work, they sometimes tend to use their own personal devices for work purposes. The problem with this is if that employee leaves the company down the road, and they have confidential company information on their device, the company does not have the opportunity to delete it. Additionally, when employees use their own personal device, it makes it that much more challenging to monitor those endpoints.
Hackers are using this increase in remote work as a tactic to increase their efforts in malware. Which is why it’s more important now than ever before that employees are vigilant on what comes across their inbox before clicking on anything.