Coronavirus & Cybersecurity: A Guide for WFH Cybersecurity Ops
March 23, 2020
In the ongoing bid to curb the coronavirus outbreak, many organizations are allowing or requiring employees to work from home (WFH). in the haste to implement remote working strategies, data security concerns cannot be forgotten. It is vital that precautions intended to protect the physical health of your staff do not turn into a threat to your organization’s cybersecurity.
Employees working from home will share documents, use chat applications to keep up with co-workers, and conduct online meetings with colleagues and customers. They are likely not thinking about cyberattacks or how their online activity opens the door to cyber threats that directly target remote access activities.
Unfortunately, during the current coronavirus pandemic, cybercriminals have stepped up their efforts to wreak havoc on unsuspecting or unprepared organizations, sometimes using misleading subject lines that reference COVID-19 to increase their penetration rates.
The rise of WFH workforce coupled with coronavirus-focused scams has created increased risk to cybersecurity operations and the WFH cybersecurity of enterprises. CISOs and network admins must find innovative solutions to secure their organizations as the distributed workforce has become a reality almost overnight.
How does WFH increase risk?
Cybersecurity risk — and therefore enterprise risk – increases with a WFH staff during the coronavirus outbreak in a number of ways:
Increased remote sharing: Unable to pop over to the next cubicle, employees working from home rely more on instant messaging, emails, file-sharing, and other means of digital interactions when not co-located with fellow employees. Shared files open the door to highly damaging malware, which may easily evade anti-virus applications and remain undetected for weeks or months.
Unprotected networks: The sudden move to a WFH setup mean many home offices are not set up to be secured by the corporate network. Unsecured home networks are easy targets for cybercriminals looking for an easy way to access confidential business information.
Use of personal devices: Employees working from home may choose to use their own devices to access their work-related data. Communications over personal phones, tablets, or laptops present a greater security risk than communications on secured company platforms. A physical risk is presented as well, if employees leave their devices unguarded in public areas, such as coffee shops.
Time-saving shortcuts: When working in an unmonitored WFH atmosphere, individuals may choose to take time-saving shortcuts that inadvertently put their organization at risk. For example, time-consuming processes – such as using VPN to access the corporate network – may be skipped, or information may be shared over non-secure channels. In addition, employees may not be aware that BYOD protocols are not properly protected outside the office location.
Opportunistic scams: As the spread of coronavirus increases, organizations are increasing their communications with employees to keep them informed of new policies and ensure the distributed workforce is kept up to date. Given the sensitivity of such communications, employees may be quick to open these emails and to click the links, without realizing that these are phishing scams by opportunist cyber criminals who are using the coronavirus as subject matter to increase their penetration rate. In fact, the World Health Organization (WHO) specifically warned that cyber criminals are impersonating WHO officials and sending phishing emails with malicious links in connection with COVID-19.
How to reduce these risks
It seems like WFH will become the new normal until the pandemic can be brought under control – and possibly even longer. Here are some measures you can take to reduce the cyber risk to your organization.
Establish WFH guidelines and communicate: Each business with WFH employees, must determine their own corporate cybersecurity measures and protocols. These guidelines must then be communicated clearly to staff. This information includes expectations of employees connecting to the corporate network, such as installing company-sanctioned anti-virus software, using a secure VPN or multi-factor authentication (MFA), updating password protection technologies, or other corporate security measures required. Employees can also be reminded not to share files or information over personal devices and to be extra vigilant with work-related activities when in public.
Clarify incident response protocols: While no one wants a data breach to occur, it sometimes does. In a WFH environment, shadow IT may become more prevalent. Shadow IT the term for when an employee or group of employees manage and utilizes IT applications and infrastructure without the knowledge or approval of the enterprise’s IT department. Employees should be aware of proper incident response protocols when they suspect a possible data security breach while WFH, regardless if it is related to enterprise IT or shadow IT. Make sure that there is an easy way for employees to quickly get into contact with the cybersecurity team/IT team, such as a dedicated email address or a designated point-of-contact for such notifications. In addition, the response team should be fully resourced during this high-risk period.
Implement phishing training: Knowledge is the best weapon when it comes to cyber scams. Raise awareness amongst both WFH and office-based employees about the risk of phishing attacks during the coronavirus. Emphasize the importance of checking to see whether email communications are legitimate and consider eliminating email-based updates. Instead, post company policy communications on an employee portal or other central area that staff can access.
Reduce risk of increased file-sharing: Phishing training is important, but there will always be gaps in human accuracy. With the increase of file-sharing – both between co-workers working remotely and between customers, partners, and vendors – an effective Content Disarm & Reconstruction (CDR) solution should be considered. Cyber criminals are increasingly using sophisticated file-borne malware that can easily penetrate any organization by exploiting standard digital interactions, and their rate of penetration has been boosted by the explosion of organizational communications around COVID-19. CDR-based technology has been proven to be highly effective in neutralizing external malicious content threats while preserving the integrity and functionality of the original file.
Introduce other creative security options: Using video messaging to communicate with employees is a creative way to ensure company communications cannot be duplicated. Aside from the security benefit, video also brings the personal touch to staff communications, a gesture likely to be appreciated in times of uncertainty.
Track WFH activity: Make sure your cybersecurity team is carefully monitoring access to company systems and watching for abnormalities. Resources may be required to sift through logs to detect compromises, and the organization’s VPN service should be patched and up to date.
Switching from a trusted work environment to distributed WFH teams at short notice due to the coronavirus can create WFH cybersecurity risks for enterprises. Risks to enterprise assets come from increased remote sharing, unprotected home networks, use of personal devices and unsecure shortcuts taken by unsuspecting employees. Risk also comes from cyber criminals taking advantage of the current pandemic to again access to secure data with phishing scams.
CISOs and network admins should take proactive steps to bolster WFH cybersecurity by establishing clear guidelines and communicate effectively with employees, clarifying incident response protocols, considering a CDR solution, implementing phishing training, introducing other creative security measures, and monitoring for any data breaches. Emphasizing data security at this challenging time will go a long way in helping organizations avoid highly unpleasant issues that result from a data breach.