The COVID-19 lockdown is forcing millions of employees to work from home. As they scramble to set up their home offices and establish connections to their companies’ networks, IT security gaps are inevitably created or exacerbated. This is giving hackers opportunities to infiltrate their employers’ servers and steal business-critical information.
In addition, malicious actors are exploiting people’s fears and psychology during this uncertain time. Many are using phishing scams that trick victims into giving up their personal information or login credentials. Others are sending out links that download malware, allowing hackers to infiltrate networks and servers.
HR and IT departments need to work in tandem to set up protocols and training to keep employee and employer data secure. Here are some cyber threats that remote workers should look out for:
Fake COVID-19 Information Websites
Hackers have created fake websites that show maps and statistics about the spread of the coronavirus. They’re spreading these malicious sites disguised as reliable COVID-19 resources.
These cybercriminals often start by circulating links to those fake sites on social media or through misleading emails. When people click on the links and visit the sites, malware is downloaded to the visitors’ computers and used to perform malicious acts.
COVID-19-themed Phishing Scams
Criminals are also using phishing scams that capitalize on people’s fear of and confusion around COVID-19. They pose as authorities (e.g., the Centers for Disease Control and Prevention or the World Health Organization) in emails to trick recipients into downloading malware or giving up their login credentials.
For example, a scam is spreading false claims that the virus has spread to the email recipients’ cities and prompts them to enter their email passwords to get more information. Another scam takes the same approach and sends victims to a fake Microsoft Outlook portal to harvest credentials.
Meanwhile, some hackers are directing people to a fake version of the World Health Organization website that prompts visitors to enter their email passwords to see “safety measures” on COVID-19.
Cyber Threats that Target Work-From-Home Employees
Malicious actors are targeting people who are working from home because their devices are connected to corporate networks that store highly valuable data.
Some remote employees are forced to use old computers that don’t have the latest security patches installed. Meanwhile, many are distracted by having to balance home and work lives while coping with the stress of isolation. The distraction is making employees more susceptible to hackers’ tricks.
Also, as employees work from home and rely on email for communication, hackers are impersonating senior staff members to trick workers into sending money to them. Meanwhile, senior executives are discussing confidential issues and exchanging sensitive data online, making them prime target for cyberattacks.
Protect Your Company From Cyber Threats Caused by COVID-19 Remote Work
Organizations need to take the necessary precautions to protect their employees and systems from cyber threats so they don’t fall victim to costly data breaches. Here’s how:
- Send regular updates on the latest cybersecurity threats, especially tricks used by hackers during the COVID-19 crisis, to enhance awareness among employees and remind them to stay vigilant. Homeland Security has a COVID-19 cyber threat section of their website that is a great resource for IT and HR teams to provide COVID-19 related cyber threat updates and information.
- Have every employee connect to your system via a VPN (Virtual Private Network) service, like NordVPN or Perimeter 81, which establishes an encrypted connection to your internal network over the internet so hackers can’t intercept the data.
- Provide cybersecurity training and tools, like this COVID-19 scam website checker, to all employees to prevent them from falling prey to phishing scams or downloading malware that can infiltrate your systems and networks.
- Offer sufficient IT support to remote employees so they can configure their equipment properly, connect to your network securely, and install the necessary firewalls and antivirus software to reinforce endpoint security.
- Implement a BYOD (bring your own device) policy to make sure that employees who use their own smartphones and tablets to access your network are doing so securely. Here’s a BYOD policy template you can use as a starting point.
- Enforce a strong password protocol so every employee will have a unique username/password combo to access each platform. The same credentials should not be used for their personal online accounts, such as social media. For enhanced security, you may want to consider utilizing a secure password manager, like LastPass, for all employees. These tools create and store encrypted passwords for each online account.
By implementing the proper security best practices and supporting remote employees to implement IT security guidelines, HR can minimize the risk of cyber threats due to the recent surge of remote work and protect your organization from costly data breaches.
Matt Shealy, Talent Management & HR