As the COVID-19 pandemic worsened around the world, it soon became clear that the safest option was to have as many people work from home as possible. Doing so limited the opportunities for the virus to spread and made it easier for individuals to control their environments in the interest of staying healthy. However, that also meant many employees started working remotely for the first time. Others were not accustomed to getting stuff done without being in the presence of their colleagues.
Working remotely meant that internet security professionals had to do things differently too. As the workforce became more distributed, the chances for online criminals to wreak havoc rose.
Remote Work Creates an Unfamiliar Environment
People who specialize in safeguarding organizations against internet threats are well-accustomed to online education. For example, they often receive cyber security training to keep their knowledge up-to-date. The leaders of today’s companies want internet security team members that know both offensive and defensive techniques used to protect resources and networks. Thanks to the prevalence of online cyber security training courses, they can learn from anywhere, often under the orders of their superiors.
However, many of today’s workers in other industries were not so familiar with completing tasks online. Some worked from home occasionally, but they didn’t do their full workweeks in home offices. The internet opens opportunities for people to have conference calls with clients, submit projects, and get advice from other team members without leaving their abodes. However, it also creates more chances for online criminals to capitalize on unfamiliarity.
A survey of businesses in the United Kingdom found that only 8% of organizations offer regular security training for remote employees — a worrying figure as a remote working environment arguably offers more chances for online criminals to engage in malicious actions.
It’s harder for internet security teams to control how people use the internet when they’re at home. For example, a workplace may screen emails for dangerous files, and that doesn’t always occur at home.
Online Criminals Seized Opportunities
The global health crisis put everyone on edge. People worried about their loved ones becoming ill or getting sick themselves. They wondered if their jobs were at risk and how they would make ends meet if unemployment became a reality. As individuals became more stressed, they often got more distracted and became desperate for information that would help them feel more in control.
Cybercriminals almost immediately took advantage of these circumstances. In March 2020, there was a 131% increase in malware, plus about 600 new phishing attacks per day. Some people unwittingly downloaded dangerous viruses to their computers after receiving files they thought contained valuable information. They believed it would help them stay safe from coronavirus or give them details about how to get tested.
Another issue was that people working from home did not always have immediate access to people from their workplace that could help them verify the authenticity of unusual content. Online criminals frequently sent people material that emphasized the supposed urgency of a situation.
For example, imagine a person receives an email that seems to come from someone in the accounting department and asks for a social security number. The recipient may quickly provide it without thinking because they want to get paid without delay. However, if they were in a traditional office, they might have picked up the phone and called the accounting department to find out why someone wanted that information.
Distributed Workforces Are the Way of the Future
Remote working was becoming more popular before coronavirus introduced new threats, but it was not the norm. However, company leaders have had time to see that people can stay productive from home, and there may be no need to bring them back to their offices. That’s why some information security specialists think the distributed workforce is an emerging trend that will not go away anytime soon.
Major companies, including Twitter and Spotify, have announced that people can work from home permanently if they wish. Other decision-makers are weighing the possibility of having smaller on-site teams to cut down on the costs associated with expensive real estate in high-rent districts.
These significant shifts mean that online security professionals must implement effective ways to safeguard people and organizations from internet threats, even as employees work from home. Fortunately, staying on top of new threats and understanding how to defend them are excellent ways to do that. Informed security teams can pass their knowledge onto the larger workforce and give them actionable strategies to stay safe.