How Remote Work during COVID-19 has Increased Business Vulnerability to Cyber Attacks

Cybersecurity has long been a concern for organizations around the world. Businesses have responded in the past by providing secure work devices, screening and approving software, and hiring an IT team to maintain the company’s cybersecurity efforts.  But coronavirus has led to changes which have increased business vulnerability to cyber attacks.

The ongoing health and economic crisis related to the COVID-19 pandemic is upending business operations and has forced many organizations to introduce telework. In this post, we explore how the hurried transition to remote work has increased business vulnerability to cyber attacks, and what you can do about it.

Increased business vulnerability to cyber attacks #1: Blurred Boundaries

While remote work has allowed most businesses to remain operational, it has obscured the boundaries between work and personal life. Employees can not only work from their kitchen tables, but they can also access corporate data on personal devices.

Organizations take security precautions with their work devices, but the same protection might not exist on personal devices. This lack of protection exposes an organization’s data to cybersecurity threats,.

Employees are not the only people likely to use work devices for personal use. For example, their family members might gain access to their devices and unknowingly download malware.

Employees are also less likely to keep up with software updates, meaning their devices remain exposed to vulnerabilities which an update fixes.

In addition to a rise in the use of personal devices for work, remote working has seen an increase in “shadow IT.”  Shadow IT is the phenomenon whereby employees find tools and software on their own to help them fulfill their responsibilities.  This increases the attack surface and vulnerabilities.

Increased business vulnerability to cyber attacks #2: Unsafe Networks

Remote working has given employees the freedom to work anywhere, and this is not limited to their homes. Employees can easily work in public areas such as cafes and libraries, and even use the free Wi-Fi provided in these areas.

However, this introduces the risk of connecting to an unsafe network, where their traffic and data are intercepted or credentials harvested.

Free Wi-Fi is, however, not the only potential attack surface. Poorly secured home networks are as risky as public Wi-Fi. Criminals can easily hack into unsecured or poorly secured home networks.

Increased business vulnerability to cyber attacks #3: Human Error

Long before the pandemic, human error was a contributing factor to cyberattacks. But the number has increased since 2020, with 95% of cyber breaches resulting from human error. Unintentional actions by employees, such as downloading a malware-infected file, can lead to data loss.

Human error also increases with sophisticated social engineering attacks, which trick employees into handing over sensitive corporate data.

Poor password practices are another common source of human error. When working remotely, your employees have to set up conferencing and work applications, which often require credentials. Creating passwords constantly can be overwhelming,  leading employees to use the same password for all their accounts. Using similar credentials makes it easier for criminals to attack, as they can simply try using known passwords.

How You Can Protect Your Business

Work from home during the pandemic has fueled the growth of cybercrimes. Malicious actors continue to identify and exploit vulnerabilities that came with the transition to remote work.

The good news is that there are simple measures you can take today to protect your business from cyberattacks and the costs associated with a data breach. They include:

  • Develop a remote work cybersecurity policy with provisions for the security measures your remote team should take
  • Educate your remote employees on the importance of cybersecurity, the common cyber-attacks, and the steps they can take to protect their devices and networks
  • Limit the access employees have to corporate data (let them access only what they need to perform their duties).





Related Article