21 May 2020

The mass move to work from home during the coronavirus crisis has created openings for hackers, according to global cyber security experts. 

Employees have been told to stay at home to work and study because of the coronavirus pandemic, but using their laptops and accessing company data will only encourage hackers to exploit sensitive information belonging to the likes of the NHS and giant corporations.

Government officials around the world have issued warnings about the dangers of a newly remote workforce, with Britain’s National Cyber Security Centre having issued a six-page leaflet for businesses managing remote employees who regularly access confidential data.

Kurt Glazemakers, CTO software defined perimeter at secure access specialist AppGate, told Networking+ that “hackers will certainly have more opportunities” because typically, remote access to the network creates more vulnerability. “While all workers should be mindful of security issues, remote workers need to be extra vigilant,” he said. “Hackers will be looking for weak links and ways into a business’s network. It’s important then to reduce the attack surface as much as possible so it is harder and less appealing for an attacker. Workers too need to be extra careful when they receive emails with IT-issued instructions and password resets as these are a simple way for attackers to gain access.”

An annual survey commissioned by Apricorn, the manufacturer of USB drives, found that more than half (57%) of UK IT professionals believe that remote workers will expose their organisation to the risk of a data breach. It also found that apathy is still a major problem, with 34% of IT leaders saying their remote workers simply do not care about security – exactly the same as last year – which suggests enterprises are struggling to get staff to acknowledge the importance of data security.

“This year, the need for organisations to facilitate effective and secure remote working has been cast into the spotlight to an extent no-one could have anticipated,” said Jon Fielding, managing director EMEA, Apricorn. “Our survey shows that while progress has been made in some key areas since 2019, some of the same risks – such as employee apathy or error – remain a problem. In these currently challenging times, when UK workers are being urged to work from home, it’s all the more important that security is a priority for everyone.”

As far as implementing security is concerned, Cisco Systems said the number of requests for security support to support remote workforces have jumped 10-fold in the last few weeks.

“People who have never worked from home before are trying to do it and they are trying to do it at scale,” said Wendy Nather, a senior advisor with Cisco’s Duo Security who has spent the past decade working from home in different roles.

She said the sudden transition from office to home would create more scope for errors, more strain on information technology staff and new opportunities for cyber criminals hoping to trick employees into revealing their passwords.

It has been claimed that criminals are dressing up password-stealing messages and malicious software as coronavirus-themed alerts, warnings or apps.

Many workers are moving their employers’ data from professionally managed corporate networks to home Wi-Fi setups protected with basic passwords. Some firms are loosening restrictions to allow employees to access work-critical information from their bedrooms or home offices.

Fielding said that while remote working is not a new concept, the change in the work\life balance currently experienced by employees is something businesses must start to accept.

“With so many employees now having a taste for home working, it might be hard for businesses to put that particular lid back on – so they need to figure out where their vulnerabilities lie now and address them he said.