Cybersecurity Challenges in the Wake of COVID-19
By David Turcotte, Chief Legal Counsel, AccessData
As the coronavirus continues to spread, the possibility for more disruption of day-to-day operations grows. For those who have migrated their workforce away from the office, working remotely without compromising security is critical and challenging. According to Global Workplace Analytics, 50% of U.S. workers are now working from home full time but cybersecurity concerns are confronting organizations, 48% of which according to Slack, are struggling to enable a Work Remote Solution.
Hackers Target WFH Employees
New data warns of cyberattacks targeting those forced to work from home during the coronavirus outbreak. Hackers are leveraging concerns over the virus to prey on individuals working outside secure office environments, opening the door to more cyber vulnerabilities. The FBI backs up these concerns reporting that cyberattacks have risen by 300% during the pandemic.
With more than 30 years of experience, AccessData understands that hacking a remote user is easier than hacking an employee working behind the firewall of a corporate environment. The Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert pointing to specific cyber vulnerabilities around working from home versus the office, zeroing in on potential cyberattacks on virtual private networks (VPNs) and home WiFi networks. These networks may make it easier to telecommute, but, according to CISA, they also open up a tempting way for hackers to effectuate a cyberattack.
AccessData recommends providing company-issued hardware or ensuring BYOD policies include monitoring, acceptable use policies and protocols to keep data safe. Augmenting training to prepare employees for cyberattack risks at home has to be a part of every working remote plan, but every organization should immediately focus on three critical areas: network access, strong passwords, and training.
Three Areas Every Organization Should Focus On
Virtual Private Networks (VPNs) must be kept current and up to date and employees should be encouraged to always use them when connecting from home or public (i.e., untrusted) hotspots such as in cafés or airports. Organizations deploying virtual desktops to eliminate local data will garner superior protections and management efficiencies that avoid overtaxing IT departments.
Strong passwords have always been imperative for data protection but now more than ever, employees must be vigilant. Sharing passwords between sites or granting others access to computing and data resources must be avoided. Password managers (e.g., LastPass®) should be encouraged so as to use features such as password duplication and weak passwords. Multi-factor identification or two-factor authentication with text or email notifications add important protections that raise the bar sufficiently to stave off attackers looking for easy, quick targets.
Training is critical. Phishing and ransomware remain substantial threats that continue to grow in sophistication and proliferation. According to Verizon Enterprise, about 33% of data breaches in 2019 involved phishing attacks while another 30% utilized stolen credentials. Therefore, remote employees must be reminded about phishing emails and how they are used to steal data and credentials. Unscrupulous hackers count on the good nature of your team and may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Any email with a COVID-19 subject line, attachment, or hyperlink should be examined carefully. CISA recommends that employees: 1) Don’t click links on unsolicited emails; 2) Don’t open attachments from unknown sources; 3) Never respond to emails asking for personal information.
AccessData is ready to assist to ensure that as organizations keep employees home, digital forensic and incident response tools are ready to deliver pandemic preparedness not only for COVID-19, but for the new business reality that recognizes that working from home is here to stay. “The byproduct of developing remote access and other virtual workplace technologies is that it enables employee productivity for other less serious, but perhaps more frequent, events like the common cold and severe storms.” Prepare Your Organization for a Pandemic, Forrester Research
Updating security policies and implementing training programs that extend security controls to employee homes is critical to protecting organizations in this new business reality. AccessData is ready to assist your organization to find vulnerabilities, enhance your capabilities, and recommend the responsive tools necessary to protect your business from these new and expanding threats.
About the Author
David Turcotte joined the AccessData team as Chief Legal Officer in 2012 and maintained his focus on Security, Compliance, and the rapidly changing domestic and international data privacy laws. Before AccessData, Turcotte served as General Counsel for several high profile security and technology companies like CrossCheck Networks, Forum Systems, and FusionIO. Passionate about computing and data technologies, Turcotte enjoys engaging with customers to assist them in navigating the security/compliance landscape. Turcotte leans heavily on his experiences as a collegiate, professional and Olympic athlete, an Economics degree from Colorado State University and his law degree from Brigham Young University. David currently lives in Park City, Utah with his wife and three children who continue to inspire his daily pursuit of excellence and the things that truly matter.