COVID-19: How Remote Work is Actively Enabling Hackers

Updated: Apr 1, 2020

Social distancing might drive away the coronavirus, but it's enabling a whole new era of infection from cyber threats. Learn how remote working has left businesses scrambling to defend their data and what you can do to adapt to these unprecedented conditions.

Remote Work, Coronavirus, COVID-19, cybersecurity

We can say with utmost certainty that the coronavirus has infiltrated many parts of the world, infecting hundreds of thousands of people in over 190 countries so far. While epidemic patterns continue to surface from the coronavirus outbreak, there still remains a large amount of uncertainty regarding the challenges that will continue to arise in the aftermath of the COVID-19 pandemic. Researchers avidly gather coronavirus data and work to discover solutions to halt the spread of COVID-19, but what do we know about the effects that these new policies have on businesses?

The most popular, and perhaps most effective, measure put in place to combat COVID-19 has been the push towards working from home. In the wake of this drastic change, however, many businesses find themselves drowning as they try to figure out how to connect remotely and securely. Because of these instabilities, malware across the world is on the rise, riding on the coattails of coronavirus information and the upturn in remote work.

While COVID-19 continues to evolve, we hope to provide business leaders with the right information, perspectives, and tools to manage and improve their immediate and long-term security strategy and response to the outbreak.

What’s at Stake.

Coronavirus triggered an avalanche of challenges, from supply chain disruption to changing market demands, but what could really bury businesses right now is the mass volume of cyber threats leveraging this momentum. In an attempt to slow the surge of human disease, national and local quarantines have been in effect, restricting travel, closing businesses, and enforcing work from home policies. Although these responsive measures are helping curve the trajectory of COVID-19, they’re also contributing to a huge incline in cyber activity.

Cynet’s global threat telemetry from recent weeks reveals the spike in cyberattacks on employees working from home. This increase is mainly attributed to the fact that remote workers are using personal computers, which are far less secure, making them significantly more vulnerable to malware attacks.

Here is the reported spike in email-based attacks from Cynet's customers from Italy:

Employers need to be aware of what’s ahead in terms of cybercrime, and this starts with confronting the areas that businesses are falling short:

1. Uncharted Territory Leaves Companies Unprotected and Unprepared.

Companies across the U.S. are quickly finding themselves unprepared for the consequences of virtual work en masse. As a result, businesses are attempting to piecemeal together untested solutions to enable a remote workforce, causing real security gaps and putting tremendous strain on IT teams.

2. Ineffective Planning Inhibits Adaptation & Execution.

For financial, healthcare, tech, government, and many other businesses, cybersecurity systems need to be robust and resilient, but reality can often drastically differ from a crisis simulation. Managers are finding it difficult to correctly execute effective response plans because they are ill-equipped to accommodate for the speed at which the virus is evolving, which results in major policy changes and a cascade of cybersecurity consequences that follow.

3. Hackers Exploiting Remote Vulnerabilities.

The rapid adoption of work from home policies leaves businesses struggling to mitigate the threat that feeds off of unsecure networks. Hackers are not only primed to find ways into your home Wi-Fi, but they’re also leveraging the global interest in this pandemic to spread phishing attacks, create fake domains, and send spam campaigns related to the virus. In fact, the issue has become so widespread that the World Health Organization (WHO) released a statement advising people to beware of hackers leveraging the COVID-19 outbreak to gain access to private information. Social engineering attacks, in particular, are especially dangerous right now because users are the easiest to exploit, generating the highest rate of return.

Preparing Your Security Strategy.

While it’s difficult to fully predict the economic impact of COVID-19 in the long-term, it’s important to understand what resources and security tools are available to help prevent your business from cyber threats.

Remote Incident Response Plan.

The coronavirus has triggered a necessary, yet anxious, experiment in working from home feasibility and productivity. What we learn about remote work during this time will perhaps change the work stream as we know it, but one thing is for sure: remote working may slow the spread of COVID-19, but it’s placed companies and people at a higher risk for cyber infection.

Whether you’re developing a plan to initiate proactive security measures, or you’re working out your reactive strategies, it is crucial for business management and staff to provide guidance to all employees and make sure security guidelines, plans, and policies are made known throughout the organization.

Securing Systems.

Remote work requires remote access to company information systems, which poses a significant risk on this data if end users aren’t careful. If companies do not enact policies and guidelines during this time, employees could fail to safeguard information and fall prey to phishing attacks or other forms of social engineering.

Since remote work is new to so many organizations, companies are scrambling to setup needed security tools, such as Virtual Private Networks (VPNs), to protect online privacy and maintain data security. Unless employees are prepped to adapt to security guidelines when working remotely, company information is vulnerable.

Some critical cybersecurity measures include:

  • Enforcing multi-factor authentication on devices;

  • Prohibiting access to information systems while on public Wi-Fi;

  • Using VPNs to ensure internet traffic is encrypted;

  • Installing patches to ensure all versions are up-to-date on employee devices;

  • Avoiding downloading sensitive information to personal devices;

  • Disabling “remember password” functions; and

  • Training employees on how to detect social engineering and other coronavirus-based phishing attempts.

By tailoring your incident response plans and security systems to the impacts and policies of COVID-19, you will ensure proactive reinforcement should something go wrong.

End-User Training.

When it comes to mitigating security risks, the most effective strategy is one that targets the weakest link: employee exploitation.

While combatting COVID-19 with social distancing and working from home policies, it is crucial that businesses engage in ongoing training sessions and impromptu tests to inform key personnel about phishing and spear phishing attacks. Emphasizing the risk of opening unwarranted attachments or emails from untrusted senders will mean the difference between succeeding in an era of remote work or falling victim to attackers leveraging COVID-19 to their advantage.

Managing Long-Term Impacts of COVID-19

The disruption of countless industries during the current outbreak will surely create a ripple effect that impacts businesses and their revenue over time. With the increased amount of remote work and vulnerabilities, it is especially crucial to understand how to navigate the effects of the coronavirus and implement a proactive response plan to protect employees, company data, and alleviate financial difficulties down the line.

Some important resources to help SMBs lessen the impact of the coronavirus include:

1. Join us for our upcoming webinar on how to protect new deals from wire fraud.

2. The U.S. Small Business Administration (SBA) recently announced their collaboration with state Governors to provide targeted, low-interest loans to help businesses severely impacted by COVID-19 pay off debts, payroll, and other fees.

3. The Export-Import Bank of the United States (EXIM) has established relief measures for U.S. exporters and financial institutions, including deadline extensions.

4. OSHA reports provide extensive information on preparing workplaces for COVID-19 or preventing worker exposure to COVID-19.

5. You can also find useful tips from the National Cyber Security Alliance on how to stay safe online during the pandemic and avoid typical scams associated with the disaster.