While the internet has allowed people to stay connected and continue working from home during the pandemic, it has also presented an opportunity for cybercriminals to take advantage of susceptible remote working setups. Cybercrime has significantly increased since the start of the pandemic, prompting corporations to mitigate the risk of a data breach against an onslaught of new vulnerabilities to their internal systems.
Having a remote workforce comes with numerous dangers when employees rely on their home networks and their own devices to connect to their employers’ online systems. Our increased reliance on digital communication and electronic devices has left us more vulnerable to cyberattacks than ever before. Cloud-connected applications like Google Drive, email and attachments, and third-party messaging systems all hold valuable information and are vulnerable to bad actors. Organizations’ office networks usually have robust security measures, including firewalls, black or whitelisted IP addresses, and closed internal networks. These protections are often not available or as robust for in-home networks.
Online bad actors have not only taken advantage of the increased network vulnerabilities, but they are also tailoring their attack methods to prey on human fear and the uncertainty brought on by the pandemic. According to the security firm KnowBe4, COVID-19 related phishing emails have increased by 600 percent. Bad actors use these scam emails to exploit concerns about the virus and fool people into handing over sensitive information or downloading malicious attachments. For example, some phishing emails will have a COVID-19 related news story added to their “from” lines to bypass security software meant to filter out illegitimate emails. Attackers actively keep up with the latest pandemic developments to make the emails seem legitimate.
Despite the increased risks, remote work is likely here to stay. Although it is impossible for a system to be completely impenetrable, organizations should take steps to mitigate the risk of an attack. As an initial measure, organizations must bolster their network capacity to allow an increase in remote traffic. Ideally, all computing devices that connect to an organization’s internal network should function under a corporate virtual private network (“VPN”) to share and store data on a virtual version of the corporate server. Since most malware is mistakenly allowed into the system by employees, educating employees and consumers about online security is another critical step to preventing a data breach. Many organizations have implemented cybersecurity training programs to provide guidance on how employees are targeted and how they can check the authenticity of external communications.
To learn more about the mitigation steps you and your business should take to reduce the risk from cybercrime, please reach out to the attorneys at Rock Fusco & Connelly, LLC.