The 4 Key Cyber Risks of Working from Home
As the COVID-19 pandemic has forced large numbers of office workers to work from home, a significant increase in cyber risks has emerged. This article considers 4 key risks and discusses some solutions to mitigate them.
Key Cyber Risk # 1: BYOD
Bring-your-own devices (BYOD) are much more likely to have been connected to corporate systems recently, for a number of reasons. Many office workers may use desktop computers at their corporate offices and not be issued with mobile devices such as tablets, notebook computers and laptops. Even when organisations tried to order new devices for staff members, stocks of many devices quickly ran out.
But what risk does BYOD represent to today’s modern business? The answer is … it depends. For those organisations that have implemented strong cybersecurity systems including mobile device management (MDM) and mobile application management (MAM) solutions, perhaps little. Combine these technologies with multi-factor authentication (MFA) and conditional access (CA), and whether the device is owned by the individual or the business may be largely irrelevant.
MDM + MAM + MFA + CA = Strong Cyber Defences
Fortunately, strong cyber defences are affordable, relatively easy to implement and not particularly intrusive for end users.
If, however, personal devices are connected that may not be up to date with operating system patches, could be jail-broken, could be running malware or could be unprotected from viruses and other cyber threats, significant risks remain. Note also the potential for insecure home Wi-Fi networks.
Key Cyber Risk # 2: Distractions
Working from a temporary make-shift office that may be no more than a corner of your kitchen or a coffee table in front of your TV may not be the best place to focus on work and avoid distractions. It is when we are distracted that we sometimes let our guard down and aren’t as vigilant as we would normally be in identifying social engineering attacks such as phishing emails, and may click on a dubious link on a website.
When you add to this the potential personal concerns of family members losing their jobs or contracting coronavirus, significant pressures can be felt that make it easy to do something that you wouldn’t ordinarily do.
Key Cyber Risk # 3: Relaxation of the Rules
As organisations fight to remain operational and “keep the lights on”, management may agree to allow some processes to be ignored. For example, where paper-based forms are used to obtain physical signatures of approval, this can be very difficult during isolation, social distancing and working from home. Shortcuts may be taken to avoid certain steps in procedures which would have normally provided a level of controls, checks and balances. When these are ignored, it gives the potential for cyber criminals to take advantage of less-secure environments.
Key Cyber Risk # 4: The Increase in Cyberattacks
Cybercriminals know that we have our guards down. Using less-secure devices, being distracted and short-cutting processes can provide opportunities for cyberattacks to succeed where they would normally have failed.
It has widely been reported[1] that cybercrime has escalated since the COVID-19 outbreak. The Australian Cyber Security Centre (ACSC) has issued a warning[2] to remind individuals and organisations to consider cybersecurity when preparing for COVID-19. The Australian Competition and Consumer Commission (ACCC) is reporting[3] on its Scamwatch website thousands of coronavirus-related scams and losses of over $700,000.
Strategies to Mitigate Cyber Risks During a Pandemic
Issues to consider in protecting yourself and your organisation from cyber attacks during a pandemic are as follows:
Issues for Organisations
- Implement cyber defences such as MDM, MAM, MFA and CA
- Consider additional solutions required to support users working from home, such as virtual private networks and information rights management
- Regularly communicate the need to exercise good cyber security practices and remind users of the increased risks during the pandemic
- Update incident response plans to cater for changes in a distributed environment
Issues for Users
- Ensure personal devices are up to date with patches, have anti-virus software installed and firewalls enabled
- Avoid clicking on links in unsolicited emails and be wary of email attachments
- Don’t reveal personal or financial information in response to emails, text messages or phone calls from potentially illegitimate individuals
- Be aware of social engineering and phishing scams
- Don’t store corporate confidential information in personal cloud storage systems
[1] https://www.engadget.com/fbi-cybercrime-complaints-increase-fourfold-covid-19-091946793.html
[2] https://www.cyber.gov.au/news/cyber-security-essential-when-preparing-covid-19
[3] https://www.scamwatch.gov.au/types-of-scams/current-covid-19-coronavirus-scams