The last few weeks have proven to be extremely disruptive for the world. With lockdowns and social distancing becoming the latest buzzwords, there has been an unprecedented increase in professionals working from home. Perhaps this is the first time that more people are working from home rather than from the office. Also, given that the shift was so sudden, most organizations had to scramble to equip their employees to work from home safely and productively.
Apart from being a massive social experiment on the effectiveness of working from home, this new necessity has created a humungous cybersecurity threat for organizations and individuals across the globe. Even the World Health Organisation (WHO) was recently subjected to efforts by elite hackers to break into its systems, as per some reports. Senior officials within the WHO confirmed this and also noted that compromise attempts against the agency have more than doubled in the wake of the massive Coronavirus pandemic.
As more people work from home, they depend even more than before on digital communication. At the same time, since they might likely use personal or less secure wi-fi networks, the threat level is likely to skyrocket. Plus, there is greater scope for fraudulent activity by unscrupulous employees since they have greater freedom and lesser oversight. Also, hackers using the vulnerability and uncertainty to launch phishing attacks.
The Threat of Working from Home
As businesses move to a work from home model, there is a higher volume of data and transactions are being carried out outside the company’s secure network. Also, there might be more instances of people working from their personal laptops or desktops. These devices might not have the same security, antivirus, and firewalls as the office systems. Similarly, security standards for home Wi-fi modems are likely to be lower than those of office broadband.
Given this, organisations need to take some special steps to ensure a high level of security. First, ensure that access to sensitive data is highly restricted and accessible only for extremely critical tasks that cannot be put on hold. Also, provide VPN access to employees so that the data transmission is as safe as possible.
But the most important measure that organisations need to undertake is to ensure that employees are educated on cybersecurity and have access to clear guidelines on how they should handle the threats that emerge from working from home. Of course, this education and awareness building cannot happen on an ad-hoc basis after employees start working from home. It points to the importance of sustained long-term efforts that organisations need to undertake before such an emergency can occur. On their part, cybersecurity teams need to be cognizant of emerging threats and keep themselves constantly updated on the newest cybersecurity threats.
Phishing and Social Engineering
Even under normal circumstances, employees are often the weakest link when it comes to hacking attempts. Phishing attacks are often used where employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.
The current uncertain environment makes employees even more vulnerable especially since they might be constantly seeking information on the Coronavirus spread or preventive measures, etc.
Most phishing attacks typically use some form of social engineering to induce employees to part with control or information. It could involve psychological manipulation, fooling otherwise unsuspecting users or employees into handing over confidential or sensitive data. In the current scenario, a map that helps you identify positive coronavirus cases in your neighborhood could be a malicious site. Most social engineering involves communication that invokes urgency, fear, or similar emotions in the victim. These emotions can lead the victim to click on a malicious link, open a malicious file, or reveal personal details. Because social engineering involves a human element, preventing these attacks can be tricky for enterprises especially when employees are working from home.
Again, education, awareness, the right antivirus, firewalls, and comprehensive guidelines and policies are the answer.
The Importance of Vigilance
Given that businesses and the society are already grappling with the far-reaching consequences of this pandemic which has crippled life as we know it, we cannot afford any attacks on our organisations, especially those that are playing a role in containing and managing this crisis. In 2018, the Wannacry ransomware attack on UK’s National Health System (NHS) had crippled computers across hospitals. It had cost £92m in losses and led to 19,000 canceled appointments. Given that healthcare systems are already under tremendous pressure in the current scenario, such an attack could prove to be particularly catastrophic.
For organisations, there are several lessons to be learned from his pandemic, especially with respect to designing their security infrastructure. For cybersecurity professionals, this pandemic reiterates the need for them to be on top of their game with knowledge of the latest trends and threats at their fingertips. They need to regularly upgrade their skills and make the most of online courses etc. that can keep them updated.
The cyber threat is constantly evolving, so staying one step ahead is critical.
By Krishna Kumar, CEO and Founder, Simplilearn