The novel coronavirus (COVID-19) and the resultant move to widespread homeworking has created new vulnerabilities for criminals to exploit, according to a new report from cyber analytics expert CyberCube and professional services firm Aon.
According to the report, homeworking has exposed new access points for cyber criminals to gain entry to corporate systems, including domestic PCs, laptops and Wi-Fi routers. To defend against this, organisations need to provide employees with advice on keeping home IT systems secure. In addition, they must strengthen security by ensuring remote connections to corporate IT systems are private and encrypted.
There are a number of cyber dangers that working from home exacerbates:
- Homeworking has led to a diminution in employees’ distinction between work and personal emails. This can lead to confidential emails accidentally being shared with unauthorized people.
- The increasing usage of devices with insecure or multiple-use passwords can lead to personal devices being used as a route into corporate systems.
- Workers based at home are more likely to use online applications that would be prohibited in the corporate environment due to security concerns.
- Unlicensed applications may be used by home workers, potentially exposing organisations to vicarious liability if those applications are used for work purposes.
- The rapid rise of online shopping due to lockdown has exposed the public to a higher level of well-established cyber scams such as form-jacking and spoofing, again meaning that criminals can use personal devices as a gateway to corporate data.
- In addition, criminals are exploiting the public’s need for information on COVID-19 to create a range of social media and text message attacks, particularly in those countries worst affected by the virus.
Understanding the nature of these threats is critical if organisations want to defend against them. Any organization that rapidly deployed new technology, applications, services, or systems at the onset of the pandemic should ensure that they have implemented best practices in security configuration and architecture as well as educating their remote employees in safe working practices.
Many organizations are discovering that their rapid deployments, while necessary, may have introduced undesirable security vulnerabilities in the environment, which need to be addressed before they are exploited by malicious actors, or before unintentional information sharing or leakage by users takes place.
According to Darren Thomson, CyberCube’s Head of Cyber Security Strategy, “Homeworking is one of the biggest changes people have had to handle during the pandemic but it’s here to stay – and that’s changed the footprint of organizations’ IT systems. More laptops, more mobile access, more devices that were never designed for corporate work – and employees juggling work life and home life on the same machine.”
Darren Thomson points out that insurers who are underwriting cyber risk will increasingly be very mindful of these changes and how they affect an organization’s risk profile. These new norms will be incorporated into underwriting processes.
Jon Laux, Head of Cyber Analytics, Reinsurance Solutions at Aon, confirms this: “The lesson this report draws is that cyber-security at home is a different animal to cyber-security in the workplace. Organizations are going to have to think more laterally. They’ll need to be more user-centric with a particular focus on employees’ own devices and the cloud-based applications they use.”
Teiss believes that the likely result of this will be policy price hikes and potentially more stringent requirements made of policy holders. And that in turn will result in a lot of change that management will have to handle. But it is only by unpicking each of these threats and understanding how they occur, and therefore how they can be managed, that organisations can secure themselves from vulnerabilities caused by increased working from home.
CyberCube and Aon’s joint report, Pandemic Under the Microscope: A Focus on the Cyber Risk Impacts of Working from Home, is available for download here. Registration required. In addition, a video featuring Jon and Darren discussing some of the report’s key findings can be found on https://youtu.be/4djw4yTnMdA