Uncertain times have befallen the world right now, with netizens claiming that the present reality is straight out of an apocalypse movie. The coronavirus pandemic is wreaking havoc on the business community, slowing down growth and contributing to economic losses. While social distancing is the only known way to address the growing threat of this deadly disease, it has opened up new challenges related to remote work.
Apart from issues of productivity and collaboration, the business ecosystem is seeing the emergence of cyberthreats leveraging COVID-19. There has been an upsurge of coronavirus cybersecurity scams mainly because of riskier home networks where the security landscape is never as robust and secure as the enterprise.
According to reports by Wired, it has been seen that hackers and cybercriminals are selling discounted off-the-shelf malware on the dark web while creating thousands of new domains everyday. It might seem that they are one step ahead of businesses as they can understand the security gap that remote work can now create world over.
The question is - how can companies ensure the maintenance of their ordinary security framework during the extraordinary time of the coronavirus pandemic?
1. Home Networks Are Particularly Risky
As all employees are now working from home, the enterprise needs to think about the network challenges. There is no way the home networks compare to the office internet framework when it comes to the strength of the cybersecurity landscape. Often, modems and routers that the employees use at home have out-of-the-box passwords that they do not reset. Modern day challenges include the fact that Internet-of-Things (IoT) devices also have listening and recording capabilities.
For cybersecurity crisis management related to such issues, companies should provide employees with portable wifi devices or cellular-hotspots from phones issued by the office. Efforts should also be made to educate employees about security awareness and internet best-practices.
2. Risks of Using Virtual Private Networks (VPN) and Remote Desktop Protocols (RDP)
To connect to and access the company’s information and resources, the employees need these technologies. But in a home network, the great variation of security of VPNs and RDPs can increase the risk of malware infestation.
To reduce the risk of coronavirus cybersecurity scams, companies should indulge in some enhancements like detecting the security capability of the home network of the employee and then adjusting how much information the employees can access.
3. When Things Go Wrong, Fixing Issues is Challenging
The company might have a very robust cybersecurity crisis management and incident response plan in place. But most plans that enterprises make or keep testing and improving have to do with the IT personnel or security analysts at office.
As the people who have hands-on experience with dealing with a security crisis are also at home, the situation might get worse. They might have the expertise to solve issues while working from home but it is an uncharted territory. The experts would need more time and have to try newer techniques to address security breaches.
The only way out of this is to ensure that all security procedures and incident response plans are updated taking remote working into account.
4. Panic-stricken Employees May Not Have Cybersecurity in Mind
One of the most peculiar problems that the coronavirus pandemic has brought forth is panic. Almost every second person out there is in a state of uncertainty and panic. When the personal lives of the employees are at potential risk, it would be foolish to assume that they will always be 100% alert to cybersecurity risks.
For the cyberthreats leveraging COVID-19, this is a window to attack. Employees might miss phishing emails and click on malicious links, exposing sensitive official documents. Unfortunately, cybercriminals rely on this kind of a security gap and with lots of coronavirus pandemic related emails circulating daily, it can be hard to distinguish a malicious email, especially when created in a sophisticated fashion.
It is the responsibility of the enterprise to take the initiative and remind employees about the coronavirus cybersecurity scams and what they can do to protect their systems and networks. They should be asked to check email addresses thoroughly and not jump over to unknown websites. Additionally, the companies should also regularly update content filters to automatically block emails from known malicious senders.
5. BYOD is a Dangerous Idea
BYOD of Bring your own Device is the precedent followed by most companies in the wake of their social distancing efforts. Many organizations cannot procure, configure or issue laptops due to the obstacles and slowing down of the supply chain. For the enterprises that cannot provide their employees with secure devices and networks to work from home, this is the only way out - asking them to use their personal devices.
All these personal devices will need to have the same level of security as the device that is owned by the company. Moreover, the company will also need to understand the privacy implications of letting their employees connect their personal devices to their business network. This makes the special review of IT use and security policies mandatory.
The coronavirus pandemic has managed to slow down the entire world economy. Business has taken a backseat as many people struggle to stay healthy and mentally strong during these crazy times. It is evident that the world is going to come out of this tunnel soon and when it does, there would be a great economic burden to bear and subsequently fix.
Organizations should endeavor to address the risks of working remotely and the expenses required to get over a security breach can cripple the company’s finances further. As the novel coronavirus is already taking effect on cybersecurity, enterprises should create stronger security frameworks to enable efficient remote working capabilities, maintaining social distance and reducing further financial losses.