Batten down the hatches: Increase in COVID scams targeting remote workers

Batten down the hatches: Increase in COVID scams targeting remote workers

Batten down the hatches: increase in COVID scams targeting remote workers

Businesses are now quickly learning how to secure the network with increasingly complex requirements. Jamie Humphrey, General Manager Australian and New Zealand, Rubrik, explains how businesses can protect themselves from COVID-19 scams.

The pandemic-induced rush to work from home has quickly reduced visibility of the network for IT teams of businesses of all sizes. This rush has left staff literally to their own devices and more prone to breaches, particularly with COVID-related scams on the rise using phishing emails and phone calls impersonating the World Health Organization, for example. It’s also led to another familiar natural consequence of staff being away from the office: Shadow IT.

Businesses are now quickly learning how to secure the network with increasingly complex requirements, while also keeping staff happy and engaged using the devices and apps they’re comfortable using from home.

If these lessons are heeded, the world will be ready to make this temporary work era something more permanent and bring with them a new era of efficiency and productivity.

But a few more checks and balances when it comes to security need to be considered before organizations dive in completely.

A long time coming
The implementation of “telecommuting” strategies has been a slow burn despite the promises of productivity increases and happier staff. Recent research from Gartner found that demand for remote work will increase by 30 percent, led by a demand driven by Generation Z – while a significant number, that’s an increase over a full decade and suggests that telecommuting wasn’t an immediate priority.

Further, a litany of failed WFH initiatives left many organizations cautious, with Yahoo’s decision in 2013 to ban working from home heralded by some as the collapse of home working.

However, the pandemic, quite clearly, has changed everything. A recent survey found that nearly 50 percent of organizations now have 81 percent or more of their staff working remotely as a result of the pandemic, with another 15 percent of respondents claiming between 61-80 percent of staff were working remotely.

For many businesses, those changes could be permanent. Optus, Australia’s second largest Telco, has already stated that its work-from-home measures will remain a permanent feature for its call center operations in Australia.

Yet if Optus’ mandate is to become the norm for other businesses too, the convenience of working from home – including using one’s own device and applications – needs to be balanced with an increased focus on security. Unfortunately for organizations, it appears cyberthreats are taking advantage of the sudden shift and have ramped up their attacks.

Securing an increased edge
If Bring-Your-Own-Device (BYOD) and Shadow IT were cybersecurity concerns pre-COVID-19, the pandemic has brought with it a new wave of increased pressure on IT teams. A recent survey revealed that 71 percent of security professionals had reported an increase in security threats or attacks since the start of the virus outbreak, while nearly half (47 percent) of respondents claimed home workers using shadow IT represented a major problem.

Hackers are taking the opportunity to pounce, with the FBI warning that cyberattacks targeting those who work from home have increased during COVID-19. Meanwhile, according to the Australian Cybersecurity Center, since early March 2020 there has been “a significant increase in COVID-19 themed malicious cyber activity across Australia”:

“Between 10 and 26 March, the ACSC has received over 45 cybercrime and cybersecurity incident reports from individuals and businesses, all related to COVID-19 themed scam and phishing activity.”

The true number of incidents is likely to be greater as these figures only account for incidents reported.

More endpoints equate to more opportunities for breaches to occur, and it only takes a stray click of one malicious link for ransomware to infect an entire network.

Bouncing back
Endpoint security, particularly with the increase in devices on the network, should be a chief concern for IT teams.

But an ability to bounce back in the event of a breach is just as critical, if not more so given the increase in endpoints and the subsequent increased likelihood of a breach. Ensuring all critical data is backed up frequently ensures that, in the event of a breach or ransomware attack, organizations can quickly get back online and working again.

This happened in 2016 when Langs Building Supplies was infected by the CryptoLocker ransomware after an employee fell victim to a phishing email. Within minutes, thousands of the company’s files were encrypted. Because Langs had a well-defined data management policy and immutable back-up solution, they restored operations in less than an hour without paying the ransom.

With the right platforms in place, businesses can react and recover quickly and reduce downtime while balancing the work-from-home needs of staff, from technology to wellbeing.

Organizations are beginning to see the benefits of working from home, with some preparing to make the move permanent for staff. Those looking to keep employees happy and engaged while working remotely will need to provide some wiggle room with regards to Shadow IT and device access.

Once the right tools become commonplace, organizations will be able to strike a better balance between flexibility and security and be better equipped to enable a more flexible working environment.

Browse our latest issue

Intelligent CIO APAC

View Magazine Archive