Remote working is on the rise, but cyberattacks may be too.
On Monday, UK Prime Minister Boris Johnson advised citizens to adopt “social distancing”- avoiding non-essential travel, crowded places, and to work from home where possible.
Understandably, remote working is a key step to implementing social distancing, but organisations could be adding to current business challenges by not ensuring data is secure.
The International Association of IT Asset Managers (IAITAM) has warned that company’s rushing to set up remote working may be “sitting ducks” for cyberattacks.
It has said that many companies are relying on employees using their own devices without proper safeguarding, meaning there is a risk that sensitive data could fall into the wrong hands.
According to research by the IAITAM, 17% of US Securities and Exchange Commission laptops were not where they were supposed to be and 22% had incorrect user information. The SEC instructed all of its employees to work from home last week after a coronavirus case. This indicates that organisations may struggle to keep track of devices.
Dr. Barbara Rembiesa, president and CEO of IAITAM, said:
“We always say that you can’t manage what you don’t know about and that is going to be a truth with nightmare consequences for many companies and government agencies struggling to respond to the coronavirus situation. The impulse to send employees home to work is understandable, but companies and agencies without business continuity (BC) plans with a strong IT Asset Management (ITAM) component are going to be sitting ducks for breaches, hacking and data that is out there in the wild beyond the control of the company.”
Remote working and cyberattacks: Advice for businesses
In light of this, the IAITAM has issued the following advice. It urges organisations to track all IT equipment being taken out of the office as well as ensuring each machine is equipped with a password and firewall if an employee is going to use it to access a company system.
It also encouraged employers to provide training in how to protect company assets. For highly sensitive data, it advises companies to consider asking employees to sign a Non-Disclosure Agreement (NDA) in order to communicate the importance of protecting data.
Public WiFi networks, such as those in coffee shops, should be avoided and organisations should also look closely at their Bring Your Own Device (BYOD) practices.
As well as the challenges posed by remote working, the current coronavirus pandemic has encouraged cybercriminals to capitalise on panic to spread scams. As the majority of cybersecurity incidents are caused by insider actions, employers should also be mindful of this.
Jake Moore, Cybersecurity Specialist at ESET:
“The spread of fear is just as contagious as COVID-19 and people are falling for these scams in panic mode. Cyber criminals are relying more on social engineering, which is the practice of deceiving or manipulating someone. Right now this tactic is proving very popular; people feel they have limited time to research the background and validation of sites. Panic is a psychological feeling that threat actors use widely, especially when there is a pandemic.
“I’m also seeing a huge increase in texting scams. I’ve seen employees targeted with texts which are supposedly from their boss, requesting that they send Amazon vouchers to their business partners to apologise for business inconvenience. Employees need to verify these requests by phoning their management on the number they know to be correct before any financial transactional is made.”