2020 brought about a new wave of digital transformation for the world. With the COVID-19 pandemic gripping the world with fear, we saw the human race going into hibernation. Offices and businesses were forced to close. Those who could maintain operations remotely established a hasty WFH setup, which wasn’t so much at par with cyber security. All this and the explosion in online traffic led to increased cyber risks for organizations, employees and just about anyone who could access the web.
WFH cybersecurity risks
Technology and the web acted as a buffer against a raging pandemic for everyone across the globe. However, it also introduced us to new challenges. Ill-prepared work from home scenarios became a perfect playground for hackers, and attacks like Phishing, DDoS, and Ransomware jumped all over the web. There is no denying the fact that WFH is luring more malicious eyes than ever but here is how you can tackle them.
Larger attack surface
Companies who rushed to shift online overnight had to bring their huge on-premise infrastructures out of ‘network & IP’ restrictions too. This meant infrastructure and data which was well-protected and transacted in the safe vicinity of office networks earlier, were now exposed to the whole internet due to the distributed working environment of employees within days without any preparations.
Further, a connectivity boom meant employees and users alike were spending long hours on the web now. At the same time these scattered team members were accessing company’s data from different locations, networks and time zones. While this obviously increased the risks of getting intercepted by hackers, it also made it harder to detect any irregularities in the connections, if they did take place.
Moreover, all internal communications got replaced by messages, emails, and calls, which presented as just another opportunity for hackers. All in all working from home transpired to a larger attack surface for hackers.
Hackers becoming sophisticated
According to a survey, 25% of people working from home reported an increase in fraudulent emails, phishing attempts and spam to their corporate email since the start of the COVID-19 crisis. In addition, ransomware attacks and data breaches also surged since the WFH transformation.
Hackers were now impersonating employees, founders and other members of a team to propagate a dubious email or a link. If clicked, these links could let hackers in on the sensitive information of an organization, eventually allowing them to launch a more drastic attack or breach.
Lack of resources
A safe transition would have needed the latest and up-to-date technology, high-spec hardware, data management systems, and a reliable internet connection (fast broadband and VPN) for every employee in a company.
A hasty set-up like we saw in the past year couldn’t have provided room to arrange all this even if the organization could actually afford to do it. Others simply couldn’t afford such a big expense in the face of a crisis even if it was to meet cyber security protocols.
This also contributed towards cyber attacks following employees into their homes.
Lack of awareness
Not everyone in an organization is cyber ‘literate’. And they can't all be. Moreover, in the absence of the constant reminders and security awareness workshops most employees go through at the workplace, cyber security has reduced to being a faded concept for many working from home.
In their distracted day-to-day routine they can’t discern a malicious email from a genuine one. They are not aware of the necessity of secure connection practices and are at an absolute loss on how to employ them. They also don’t have immediate access to security teams and other team members to clarify on what is what, as they habitually used to do in an office setting. Naturally, it is not hard for them to fall prey to such phishing campaigns.
A careful education and training along with implementation of cybersecurity tools like a firewall, spam detector, etc. is what we need to fight such situations and promote a safe WFH environment for everyone.
Different organizations moved to working from home with different levels of preparedness. A good percentage of which falls under the below average category if measured for cybersecurity capacity. To nurture the opportunity as perfectly as possible, hacker conglomerates are pressing on adding more members to their teams. This has resulted in a net increase in ‘demand for hackers’ on the dark web since the onset of COVID-19. This can be foreseen as more severe attacks coming along in the future. In order to outpace hackers and cyber criminals, business professionals need to get better equipped on all cyber security fronts. Tools and training should go hand-in-hand. Proper distribution of cyber budget on teams and solutions will be necessary.