Work-from-home (WFH) requirements have created more cybersecurity threats for nearly all organizations across any vertical market. Criminals are using COVID-19 as an opportunity to exploit this global crisis. Easy to guess passwords, family-sharing devices, and bandwidth-hogging applications have increased the risk of malware, ransomware, and other cyberattacks. Security experts are warning organizations that hackers are targeting employees doing business from their remote workplaces by employing techniques such as scam emails that mimic videoconference invitations, but instead steal network credentials or spoof remotely located executives to access questionable websites.
WFH Statistics
According to a June 2020 study by the National Bureau of Economic Research, about half the U.S. workforce is working remotely. While reading a Wall Street Journal (WSJ) article, “Companies Battle another Pandemic: Skyrocketing Hacking Attempts,” I found the following statistics surrounding these remote employees worth sharing.
- 53% used their personal computer or laptop for work
- 45% said that their employer did not offer security training for WFH
- 22% posted a picture of their WFH set-up on social media
- 23% use personal devices other than cell phones not managed by their employer for WFH
- 37% reuse passwords for business apps and accounts
- 53% said their employers did not issue any new security policies when managing personally identifiable information
Hacker Traffic Growth
In the same study, the FBI had received around 320,000 complaints of Internet crime as of May 28, nearly double the rate for 2019. The United States Secret Service expects $30+ billion in stimulus funds will end up getting stolen through scams. U.S. and European intelligence agencies warn that companies are prime targets for government-sponsored hackers going after corporate secrets. Nasdaq Inc. observed email traffic growth of 35% after most of its 4,500 employees started to WFH in March 2020. Kraft-Heinz reported an increase of 10% to 15% in attempted email attacks.
Hackers are employing new tactics, such as making fraudulent phone calls to a company’s support center. They imitate employees or suppliers and gather any information that could help launch more sophisticated attacks. Other hackers call the help desk and pretend to be an employee locked out of their account or a supplier who needs to confirm account credentials before they can process a payment.
Coping with WFH Security
We can’t predict how long the pandemic will last, but WFH isn’t going away. It’s assured that some employees will stay home and not return to the office, where security is better. One company provided its customer-support agents with laptops and software that can detect suspicious activity that may expose sensitive information or offer hackers a way into the computer network.
About 50% of security attacks are key attributes of human errors and negligence. The WSJ article also reported that 29% of remote workers allow family members to use their work laptops for online shopping and gaming, which is dangerous and foolish. The rest of the family doesn’t realize what security requirements the company has. Family members often don’t think about the security implications of opening suspicious emails, free downloads, and social media interactions.
Organizations must train employees to better reduce and eliminate the family members’ use of the computer. My suggestion is to keep your work passwords protected where friends or family can’t access them.
Some other recommendations to improve security at home:
- Change the default password on your router
- Update your router firmware
- Use encrypted connections on a VPN
- Always use company approved USB devices
- Keep your computer locked when not using it
- Ensure anti-virus and operating software is up to date
Reducing attack success during the pandemic has reinforced a basic security lesson—the employee is the first line of defense against cyber intrusions. However, if a hacker tries to infiltrate a company’s systems, it’s up to the employee to be the strongest, not the weakest link.
