Tyler Moffitt, Webroot’s Security Analyst, explains how technology leaders can ensure the work practices of their colleagues do not put their company’s cybersecurity at risk.
Among numerous other life adjustments, the COVID-19 pandemic has caused a flurry of fresh security risks as employees settle into more permanent work-from-home environments. Employees now assume the role of IT professional for their home, and the opportunity for vulnerability continues to grow as staff work outside the contained corporate network.
While we all remain physically distant, we are increasingly dependent on the Internet to keep us connected, so there’s never been a more critical time to champion cyber-safe behaviors that keep your employees, their data and your business safe.
In the early days of the pandemic, seven thousand office workers in the United States, United Kingdom, Australia/New Zealand, Germany, France, Italy, and Japan were surveyed about how their online lives had changed since the beginning of the COVID-19 pandemic.
Questions aimed to gauge their understanding of phishing along with general email and click habits. From there, the “COVID-19 Clicks – How Phishing Capitalized on a Global Pandemic” report was created, shining a light on what people know about phishing attacks, what makes them click on a potentially malicious link, and overall cybersecurity and cyber-resilience habits in the time of COVID-19.
It was revealed that three in 10 workers worldwide have clicked a phishing link in the past year – and in the U.S., that jumps to one in three. The massive increase in remote work due to COVID-19 has come with an explosion in cybercriminal activity like phishing, and the sophistication and frequency of that threat continue to rise. The idea of a malicious email isn’t new – in fact, one in four Americans say they’ve received a phishing email related to the pandemic. So why are people still clicking?
According to Dr Prashanth Rajivan, an Assistant Professor at the University of Washington, what we need to consider is that human beings aren’t necessarily good at dealing with uncertainty, which is part of why cybercriminals capitalize on upheaval (such as a global pandemic) to launch attacks.
“Cybercrime is a crime of opportunity, and that opportunity is abundant right now because of the constant connectivity work-from-home environments create,” said Webroot Security Analyst, Tyler Moffitt. “COVID-19 themed phishing lures have surged this year with some even claiming to know the location of infected individuals in your city, which also promotes disinformation. With cybercriminals strategically targeting the vulnerability surrounding the pandemic, it’s never been more critical to prioritize cyber-resilience and realize it’s everyone’s responsibility to protect their digital data just as they would their physical health.”
In the report, Dr Rajivan offers his perspective on how the COVID-19 pandemic and general increase in working from home could affect individuals’ and businesses’ cybersecurity status.
“Like with distracted driving, working while doing other household chores or even watching TV seems easy enough when doing mundane tasks, such as email processing,” says Rajivan. He notes this type of distraction can make people vulnerable and even less likely to notice or weigh the potential phishing message’s risks properly.
Business is a collective of individuals striving toward a common goal. If the collective’s goals are aligned, then a business is more likely to succeed in achieving them. Being physically in the same space can go a long way to support the collective path. In contrast, “individuals who perceive themselves to be responsible only for themselves and no one else tend to take greater risks,” says Dr Rajivan.
While risk taking certainly has its place in business, it’s not something you want employees to build into their cybersecurity habits. Building out a plan to keep your business cyber resilient involves getting employees on board and implementing the right tools behind the scenes, like regular security awareness training and backup to help bounce back quickly in the event of a breach.
Together, preparedness and awareness will go a long way to mitigate business risk. While work-from-home does help keep us physically safe from COVID-19, an investment in educating employees and building a plan for cyber-resilience ensures you don’t get stuck with a virus (or worse) of a different kind.