The economic shutdown has led to millions of employees losing their jobs or receiving fewer working hours from their employers. Employees who can do their jobs from home, however, are working more hours than they were before the shutdown.
Unfortunately, that includes cybercriminals.
Security sources in multiple industries are reporting a surge of phishing, hacking and social engineering attempts. The financial industry is reporting a 238% increase in attacks between February and April of this year. The US government is reporting that criminals are using COVID-related headlines to pull unsuspecting people into online malware traps. Even the Town of Cary is reporting an increase in phishing attempts.
Cyberattacks More Effective Than Ever
One of the reasons that COVID-related attacks are so effective is that many employees received unusual and urgent requests from their supervisors in the midst of this crisis. All of us have become desensitized to “out of the ordinary” events, because so much of the past three months has been out of the ordinary.
In the pre-COVID era, if employees received a request to quickly send sensitive information via email, that employee might step into the sender’s office and make sure it was a legitimate request. That’s because unusual requests are major red flags that an email message may be a phishing attempt. But more business is being conducted via email than ever, and nobody is in their office right now, so these requests draw less scrutiny.
Another challenge is that companies were not prepared for all of their employees to work from home when that transition happened. That means that many employees are working without company-issued computers, and that they don’t have company-approved, secure home networks. If a hacker does gain access to one piece of the user’s home network, they’re likely to be able to move around throughout that network. If they’re able to install a keylogger on the personal computer, they can easily learn the user’s company credentials, allowing them access to the company’s network.
Easy Steps to Protect Your Company
For many companies, concerns over COVID-19 exposure mean that they’ll have employees working from home for months to come. Other companies have discovered that employees are highly effective while working from home and intend to permanently change their work-from-home policies to be more flexible. These are both sound decisions – but allowing employees to continue working from home doesn’t mean you can’t take a step back and enhance the security of their remote work environment.
Issuing a company desktop or laptop with preconfigured security controls may make more sense for many companies than continuing to allow employees to work on personal computers. Requiring a brief online security training on the unique security risks faced by remote workers is also a good idea. While remote work flexibility may lead to a dramatic improvement in employee satisfaction, that benefit doesn’t need to come at the expense of your corporate data leaking out into the wrong hands.
These steps are just the start. We published a longer list of technology security considerations when working from home and hosted an in-depth webinar in early April. The important thing is that you take the time to identify your security weaknesses now and take steps to strengthen them before it’s too late.
To learn how WingSwept can help your company protect it’s network and it’s data, call us at 919-460-7011 or email us at Team_WingSwept@WingSwept.com.