In recent days, it seems like every webinar, article, and technology-related post has something to do with the technological impact of COVID-19—and with good reason. With remote work environments posing new threats, cybercriminals taking advantage of already vulnerable people with COVID-related phishing scams, and the operational difficulties associated with keeping business and organizations afloat from afar, the topics of consideration are far-reaching. However, as we continue to cope with this pandemic and manage our new “normal”, it is important to not allow cyber fatigue to creep into our routines. Just as we should continue to diligently wash our hands, wear masks, and avoid large gatherings, we should make sure to maintain best security practices while working outside of the physical office.
The primary technical challenge brought about by an increased reliance on remote work is ensuring that employees can securely and efficiently access organizational networks. Moving away from our physical work-spaces opens up a greater number of vulnerabilities for potential cyber attackers and puts organizations at risk. A diminished ability to control and manage employee cyber habits con-founds the issue and highlights the two-sided human element of security.
The human element of security is essentially the “make it or break it” factor when it comes to creating a strong security posture in the face of constantly evolving threats. Throughout the COVID-19 pandemic, cyber attackers have been taking advantage of these already fearful times by capitalizing on widespread unemployment, uncertainty, and the fact that so many are working from home. The May 19th Federal Trade Commission’s COVID-19 Complaints report states that there have been 49,989 scam reports since January, and $36.68 million in total losses to consumers. Communication tools that many utilize during this time, such as Zoom and online classrooms, are being targeted as well. Combined with the typical slew of threats we face in our digital landscape, remote employees have to contend with a barrage of pandemic-related attacks that often exploit human vulnerabilities rather than technological ones.
“Training employees on best security practices while working from home is crucial in addition to providing a clear and effective way for communicating security concerns and reporting incidents.”
Training employees on best security practices while working from home is crucial in addition to providing a clear and effective way for communicating security concerns and reporting incidents. Best practices include but are not limited to using VPNS, multifactor authentication, avoiding public WiFi, securing endpoints, strong passwords, email encryption, updating software when necessary and using only approved technologies and devices while working remotely. Recognizing phishing scams and being trained to avoid clicking on links are also critical factors, as well as communicating how and when certain types of information will be received and sent. The general advice to “slow down” helps to mitigate the risk that employees will act quickly to fulfill any requests contained in phishing emails or scams, as they often urge victims to act quickly, and will seek out appropriate parties to confirm the legitimacy of digital communications.
Remaining vigilant in our cybersecurity practices during this time is challenging when we are trying to maintain normalcy in the face of so much uncertainty. However, developing and strengthening cultures of security will only make normal organizational operations that much more possible. Acknowledging the human element of security, and the new threats we face as the result of COVID-19, is critical as we continue to work remotely. Mark Lanterman