A new wave of work-from-home threats

How hackers are exploiting Covid-19

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

With most of the world now working from home due to the coronavirus disease (COVID-19), businesses are facing unprecedented cybersecurity challenges. Unfortunately, one of those challenges is that hackers are already attempting to capitalise on the crisis by attacking with viruses of their own. In fact, thousands of COVID-19-related websites are being launched by cybercriminals. Tragically, COVID-19-themed domain registrations are 50 per cent more likely to be from malicious actors.

Most of these sites include phishing scams exploiting staffs natural desire to stay up to date on what’s going on. Directing traffic to these fraudulent sites are malicious email campaigns that use phishing and even social engineering tactics to incent action on the part of the user.

This explosion of threats has already caught the attention of the FBI, which has issued warnings of an increase in fraudulent crimes related to the coronavirus. Cybercrimes being seen across the globe include fake CDC emails, phishing emails related to stimulus checks, and the promotion of fake COVID-19 treatments and/or products.

With staff now forced to work outside the network perimeter, businesses face the risk of their internal data being attacked. The surge of videoconferencing, remote access, and VPN services in the home are, sadly, greatly expanding the attack surface that hackers can exploit and gain entrance into a corporate network.

VPNs are an obvious target. Concerns over VPN security predate COVID-19. That’s why the Cybersecurity and Infrastructure Security Agency (CISA) in the U.S., issued an alert that pointed to specific work-from-home vulnerabilities that are zeroing in on potential VPN cyberattacks. The alert advised the use of strong passwords and multifactor authentication on all VPN connections to increase security.

So, what can be done? These are some tools and ideas that can make the work-from-home experience more manageable:

The home workplace

Set up a home workplace. For many workers, setting up an area at home to work is a completely new experience. It goes much further than simply having a laptop of computer. After identifying a dedicated work area, workers should take inventory of specific items they need. This could include noise cancelling headphones, blue light blocking glasses, USB desktop microphones, and more.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Get up to speed on collaboration software. For the foreseeable future, internal teams are going to greatly depend on enterprise software, whether it isMicrosoftTeams, Slack, orSalesforce. Video-conferencing software like Zoom and GoTo Meeting have become near essential for teams and colleagues. In the rush, employees are not being onboarded with new solutions as often as is normally the case. Thus, they are turning to the likes ofYouTubefor instructions.

Add essential devices for productivity. No matter the nature of work, work-from-home employees should all have a high-quality printer, a high-speed router, a good headset, phone and tablet chargers, and, of course, a great coffee maker. You may also want to consider a stand-up desk or ergonomic chairs.

Remain vigilant about security. In addition to adhering to company security parameters, users should remember to log out of the network when not in use, always use a strong password, and never click on an email or link that seems suspicious. Remember to get COVID-19 information only from known sources, not from a stranger’s email.

How businesses can respond to new work-from-home threats

As organisations and workers navigate this new work-from-home world and the threats that come with it, the World Economic Forum has provided a checklist of ways that individual users and businesses can protect from cyberattacks during COVID-19 that are helpful:

Individual users play an important part in a secure work-from-home environment as well. The World Economic Forum provides guidance for them:

The work-from-home experience is far from ideal for development teams. Individuals are more likely to be more fragmented, with potential interruptions that threaten to derail any coding momentum they’ve built throughout the day. For example, dynamic application security testing (DAST) and static application security testing (SAST) are good tools for identifying coding vulnerabilities, but they limit productivity since they only provide a snapshot in time and can’t keep up with today’s agile software development lifecycle processes.

Application security (AppSec) policies can help ensure worker productivity even in a remote location. AppSec also means faster release cycles so important releases for work-from-home scenarios are delivered quickly. This can only happen when AppSec is integrated into the application using instrumentation, so that vulnerabilities are identified and remediated in the coding process by developers. The truth is that developers do not have time for manual vulnerability identification and verification of their remediation. They require an AppSec platform that removes the burden from them without creating any negative impact on the process itself. Plus, shifting the vulnerability management left to the build phase makes security a critical part of the software development process, allowing developers to save valuable time.

From the looks of the current situation, it seems as if the work-from-home experience is going to be significant, perhaps lasting months. This is a big adjustment for both employees and business leaders. But with good solutions and technologies in place, I’m confident that a productive and secure model of remote working can emerge, one that will positively impact how we work moving forward.

Tim Freestone, VP,Contrast Security

Tim Freestone is VP of Corporate Marketing at Contrast Security, the leader in security technology that enables applications to protect themselves against cyberattacks, heralding the new era of self-protecting software.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics