Get all the latest news on coronavirus and more delivered daily to your inbox. Sign up here.
The enforcement of mandatory work-from-home policies has opened new doors for hackers, according to experts.
As many American companies tell their employees to stay at home in an attempt to fight the coronavirus pandemic, home workers could become the weak link in the chain for computer security.
“With the U.S. workforce shifting towards telework… the attack surface [for hackers] has grown, and attackers are champing at the bit as a result,” Satnam Narang, principal research engineer at cybersecurity firm Tenable, told Fox News.
Newly remote employees should be ready for a jump in fraudulent emails about COVID-19, Narang said, adding the links in these emails could exploit flaws in popular software like Adobe Flash and browsers such as Google Chrome, Mozilla Firefox, Microsoft Internet Explorer and Edge.
Cybercriminals have also weaponized widely used software like the Johns Hopkins Coronavirus Map, turning it “into a piece of malicious software,” Narang added.
Another challenge is the potential holes in home networks, according to Chris Rothe, chief product officer and co-founder of Red Canary.
“There are two high-level security challenges brought about by remote work,” Rothe told Fox News. “The first is that as a security team you lose control of the environment in which the user is working. Have they secured their home Wi-Fi?” The second is access to IT resources they need to do their job… Essentially, your [company’s] network perimeter now includes all of your employee’s homes or the coffee shops they are working at. Some security programs are ready for this, some aren’t.”
And all of those smart home devices present a golden opportunity for hackers, Curtis Simpson, chief information security officer at computer security firm Armis, told Fox News. “Home smart devices, many of which are built without security in mind, are a major point of vulnerability for remote workers,” Simpson explained.
The list of home smart products includes connected light bulbs, refrigerators, Peloton bikes and even Roombas, Simpson added.
The mix of work and personal is another weak spot, Colin Bastable, CEO of security awareness training company Lucy Security, told Fox News.
“People working from home get easily distracted, especially if they are normally used to working in the office, and they will mix work with personal email and web browsing. This increases the risk [of]…clicking on malware links,” Bastable said.
Armis’ Simpson offers some tips to make working from home more secure:
- Ensure that multifactor authentication requirements are being enforced for privileged users accessing the most sensitive and critical of Internet facing services. Multifactor authentication is a security measure where a user gets access to a device only after providing two or more pieces of ID data (factors). So, for example, instead of just providing a password, a user is asked to provide a temporary passcode too.
- Tell workers how to check common modem and router settings to confirm optimum security settings; recommend updating home Wi-Fi passwords.
- Be ready for an increase in emails claiming to be from senior staff and requesting illegitimate bank transfers, gift card purchases.
As of Friday morning, there had been more than 542,000 reported cases of COVID-19, including at least 85,000 in the U.S., having surpassed Italy and China to become the most affected country in the world.