Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.
For workers being instructed to work from home amid the COVID-19 outbreak, doing jobs remotely can be a major adjustment. For hackers, it can be an opportunity.
Remote work means a rise in the number of devices employees are using for their jobs, and an increase in the use of online conferencing tools like Zoom, Google Hangouts, Microsoft Teams, and Slack. That shift also give hackers a larger number of potential targets.
Cybersecurity research firms are predicting a spike in hacks and breaches targeting businesses as the COVID-19 outbreak continues, Business Insider's Jeff Elder reported last week. The Department of Homeland Security has also advised businesses to prepare for new cybersecurity threats arising from work-from-home arrangements.
Business Insider asked cybersecurity experts about measures workers and companies can take to significantly reduce their vulnerability while working from home. Here's what they recommend.
Companies should make sure their workers are up to speed on basic security hygiene, including strong passwords and multifactor authentication.
"With a remote workforce and everybody working digitally, the threat landscape certainly increases," said Kiersten Todt, managing director of the Cyber Readiness Institute and former cybersecurity adviser to the Obama administration. "Now's a really good time to look at all the capabilities you could be using, like multifactor authentication, and to turn them on."
Workers should be especially wary of suspicious emails and avoid clicking on links that are new or unfamiliar to them.
"For now, individuals are going to be a lot more targeted because they know there's going to be a path to company assets," said Stephen Breidenbach, co-chair of the cybersecurity practice at the law firm Morick Hock & Hamroff. "I would not be surprised to see an attacker posing as tech support targeting the employee who is outside of the office now."
As a general rule, never share personal or financial information via email or message.
Most phishing schemes aim to extract people's personal information or login credentials as quickly as possible. If you think someone at your company is asking for your personal information, call them to confirm, and if necessary, give them the information via phone.
Before circulating or acting on news about COVID-19 and its impact on your business, verify that it's coming from a trusted source.
While this advice may seem obvious, experts warn that phishing scams surrounding COVID-19 hinge on social engineering, often circulating false information in an attempt to make people act out of fear or panic.
"We can expect an increase in social engineering," Todt said. "Do what you can, whether it's as a consumer, business or otherwise, to validate the source of information."
Businesses should explore rolling out VPN services, and make sure their VPNs are patched and up-to-date.
A virtual private network lets people remotely share data as if they were connected to a shared private network. Several popular VPN services were found to have critical vulnerabilities earlier this year — companies should make sure all workers have downloaded the most patched, up-to-date version.
"I think VPNs are a must," Breidenbach said. "If you do not use an encrypted pathway to get into the company network, you are just waiting for someone to open the door and come in."
Companies should also consider using encrypted messaging services for work communication.
Todt says companies should encourage workers to use encrypted, enterprise-focused services like Wickr as much as possible, adding that consumer-facing software like WhatsApp has proven to be a more frequent target for hackers.
"What I worry about in this situation is that, in an effort to continue to be efficient, people just default to what they use in their personal world," Todt said. "We saw this with Jeff Bezos — don't use the consumer-based technology for business-centered communication."
Experts say it's crucial that companies formulate a recovery plan in case they're hit with a breach stemming from work-from-home conditions.
"A lot of times companies are simply not prepared for this type of incident," Breidenbach said. "Companies need to prepare to maintain at least bare minimum functionality should something happen."