Working from home: Cybersecurity in the time of COVID-19

Today, billions of people around the world have been ordered to stay at home to help curb the COVID-19 pandemic. As a result, the number of people working from home has skyrocketed, raising alarm bells for cybersecurity experts who warn that this has created an ideal environment for cybercriminals to thrive.

In fact, COVID-19 related cyberattacks began in January and have only proliferated since. Now, questions are also being raised over the security and privacy of video conferencing tools used by millions of people around the world.

“Companies are urgently balancing the need to get everyone connected and maintain productivity versus the risk that this creates,” Jacques Francoeur, Chief Scientist and Founder at Security Inclusion Now USA, told ITU News.

Global outlook
Generally, cybercrime is on the rise and businesses face a wide range of growing threats; Evolution Equity Partners estimates that there will be over four million threat types by 2025.

Meanwhile, over half of global businesses are not confident they are ready for, or would respond well to, a cyberattack according to a recent report by California-based cybersecurity firm FireEye. In addition, roughly 30 per cent said they have a cyber response plan in place which has not been tested or updated within the last 12 months.
An uncontrolled environment
This leaves employees who are now working away from the office environment, often operating on less secure WiFi networks and using devices that are not aligned with or setup per their companies’ policy controls, in a uniquely vulnerable position to cyberattack.

“The attacker has time, resources, and a committed intent. It’s tough to beat.” – Jacques Francoeur

“Working from home means having less control over the end user security and secure connections,” said Josephine Ajuoga, a Senior Information Systems Analyst at African Banking Corporation Limited. “Many organizations… will highly rely on employees to use their own devices for work, which are most likely not securely set up, have secure connection or updated to handle cyber attacks.”

All of this can make the employee an easier target for cyber criminals. “In the home environment, a lot of the policy controls that created a safe environment, in a safe wireless network to connect to and so on, are kind of now relegated to a remote endpoint in an uncontrolled environment,” said Jacques Francoeur.

Continue reading on ITU News