The shift to a remote workforce model precipitated by the COVID-19 pandemic has no doubt created cybersecurity challenges for your business.

Hopefully, you have been operating with the tools required for a mobile workforce for years. These include communication, productivity, and security applications such as Virtual Private Networks (VPNs), two-factor authentication (2FA), and cloud services that enable your employees to work from any location, at any time, thus improving organization-wide performance.

The transition to a remote workforce has created cybersecurity challenges, not because your organization is unprepared, but because cybercriminals are attempting to capitalize on the chaos of the situation.

Perfect Storm for Phishing

The increase in phishing during the COVID-19 pandemic is staggering. We can attribute this spike to the following factors:

  1. Uncertainty – For most people, this is a completely new situation with information changing on an hourly basis. As your inbox has become overwhelmed with COVID-19 updates from seemingly every website on earth, separating marketing messages from official information, internal from external senders, and facts from misinformation is nearly impossible. It is no surprise then, that COVID-19 updates have been the subject of the majority of phishing emails sent since January. Messages promising everything from miracle cures to scarce products have been circulating.
  2. Economic Stressors – With large sectors of the global economy shutdown, millions of people are now out of work for the first time in their lives. For potential victims, the incentive to engage with emails promising financial reward increases as their personal financial situation deteriorates. To make matters worse, these same economic pressures increase the attractiveness of phishing for hackers who resort to crime in desperation. Offers for loans, debt consolidation, and other measures to ease financial burdens are the most common vector of attack.
  3. Decentralized Networks – Cybercriminals see the intermingling of personal, family, and work devices as a potential security vulnerability and attempt to exploit you. In most homes, your modem is the only device that has a public IP address. The range of devices you have connected at home, therefore, will all show up under the one address. Absent a secure VPN, if any of the likely dozen or more devices connected to the modem become infected, cyber-criminals will have a far easier ability to launch an attack from this one trusted local device to any others using the same IP address, including your work laptop.

Protect Your Remote Employees

What we are seeing is the potential for a vicious circle – more vulnerable networks increase the likelihood of damaging (or lucrative, from the criminal’s perspective) attacks, which incents more attacks, which further weaken networks.

The best way to do your part in reversing this trend is for your organization to implement proactive cybersecurity practices that limit your exposure to threats.

  1. Cybersecurity Culture – your leadership team must embrace cybersecurity as the tone you set will determine adoption of positive habits by everyone in your organization. Formalizing your business’ policies and procedures sets the technical framework, but also signals to employees that cybersecurity is vital to your success.
  2. Cover your bases – ensure that your staff has the tools they need to remain secure while working remotely.
  3. Manage, Monitor, and Maintain – equally important as choosing the correct set of applications is ensuring that you have cybersecurity experts who can anticipate trends and monitor your network.
  4. Build better habits – use this time adapt your online habits. The majority of cyber attacks rely on social engineering, not brute force, so your (and your employees’) behaviour will determine your success.

Check back here later this week for more on point #4. At NeuStyle, our approach to proactive cybersecurity is as much knowledge-based as it is technical, and benefits greatly from sharing new ideas.

This article is adapted from a presentation given by NeuStyle to The Centre for Family Business on May 29th, 2020.