By: Christopher Sirota, CPCU
Lexology has reported on a potential increase in cyber risk for companies that, to limit possible infections during the COVID-19 outbreak, have more staff work remotely.
Data Breach Risk
According to the article, some companies may not have had much experience in allowing their staff to work remotely and thus may be increasing their exposure to a hack through the following paths of risk:
- A remote worker may use an unsecured Wi-Fi connection at home or in a public place; for example, a network that only needs a simple password may allow "eavesdropping and man-in-the-middle (MITM) attacks."
- A remote worker may be tempted, because of convenience, to use a personal e-mail account to share company documents.
- A remote worker who is not in the routine of using a laptop outside the office may accidentally lose the device; if the laptop has not been properly encrypted, this may allow the loss of sensitive data. Thumb drives may also be used by remote workers to take files outside the office, and they too are subject to theft or loss.
- A remote worker may use their own device (Bring Your Own Device, BYOD); if the device is not properly authorized or does not have authorized software installed, it too can be more vulnerable to cyber attack than corporate equipment.
Furthermore, the article notes that for "companies that have historically limited the use of remote access, the sudden increase in remote access activity on their networks may make it more difficult to monitor, detect, and prevent unauthorized activity."
Scams and Phishing
Lexology also highlights that some businesses that typically require in-person or phone confirmations may face an increased risk of scams if the remote worker cannot be easily contacted at home. Per the article, for example, "a financial institution was fined for failing to follow its own procedures that required the institution to call a customer to verify a wire transfer that turned out to be fraudulent."
In addition, phishing scams can reportedly increase during a crisis. Lexology explains that:
"cybercriminals are taking advantage of the public anxiety and disruption to ordinary routines resulting from the coronavirus. Since January, bad actors reportedly have been sending an increasing number of phishing emails mentioning the coronavirus, posing as business partners or public institutions to lure recipients to open the messages, thereby unleashing malware."