[Posted on Behalf of Dan Lohrmann Chief Strategist & Chief Security Officer Security mentor, Inc. ]
From telework mistakes, to virus-related phishing links, to new work processes to nation-state hackers, here’s how the coronavirus creates new opportunities for cybercriminals.
Trevor is working from home for the first time. He loves the freedom and flexibility, but doesn’t read his company’s new BYOD policy. Sadly, he misses the fact that his home PC is not protected with updated security software nor the latest operating system patches.
Kelcie’s home PC is faster than the old work laptop that she’s been issued to use during the pandemic. She decides to use a USB stick to transfer large files back and forth between her PCs to speed things up. After a few days, she does all her work on her home PC, using a “safe” virtual desktop app. But unbeknownst to her, there is a keylogger on her home PC.
Emma is really worried about her mother’s health. She is constantly searching the Internet for the latest guidance and tips on how to get a covide-19 test quickly. To her surprise, she is finding the best information on new Asian and European websites. The URL links seem secure, all starting with https://, so she’s not worried.
Liam doesn’t like the applications he’s been given by his local government to work from home. His friends have much better web conferencing tools and other productivity apps. Even though it’s against policy, he decides to take advantage of several free offers that software companies have made, so he downloads new apps. He tells himself, “It’s just temporary during the pandemic.”
Ben is a student who suddenly has all his classes online. He was also just laid-off at the coffee shop, and has no extra money. He decides to use his neighbor’s WiFi to save cash, which he knows is unsecure but is pretty fast. Along the way, he discovers that he can also snoop on his neighbors files.
Question: What’s common across all of these situations? If you think each of them has potentially serious security concerns, you are correct.
And these situations are just the tip of a virtual iceberg of security incidents that are being created right now as the global pandemic changes the way America (and much of the world) now works. We are facing a virtual tsunami of cyber problems related to these massive changes currently happening to people, processes and technology.
Most of these security issues are not intentional nor performed with malicious intent. Nevertheless, inadequate or dated training contributes the problems. Each of the well-meaning employees mentioned at the beginning of this piece are increasing the likelihood of a data breach with their online actions.
Most experts believe that public and private sector organizations will need to address numerous data breaches as a result of the extraordinary move to almost ubiquitous working from home within a few days and without much time for planning. I will try to address some of these concerns in this blog, and point to early examples to watch and resources available to help.
Yes, But….
No doubt, contrarians will say that all this potential data breach fuss is way overblown. This coronavirus, specifically the Covid-19 virus, has no ability to hack anything. This is a health emergency, and trying to scare people, with extra FUD, while we face an international pandemic is just plain wrong. Can’t we just drop all this cyber-mumbo-jumbo and help their grandmother get connected to Zoom – or perhaps speed up client WiFi networks a bit?
Better yet, send over some rolls of toilet paper and some canned soup.
But that line of thinking, though perhaps well-intentioned, is seriously flawed. Just like March Madness, or the Olympics (by the way the 2020 version just got delayed a year) or Hurricane response, major events are often catalysts for cybercrime.
In our current global pandemic situation, this 21st century reality is not just true regarding phishing scams or fake news, most people are dramatically changing their daily routine, and online life is becoming even more important as we try to communicate while implementing social distancing. The domino-effect of this emergency has led to massive changes that are leading to security vulnerabilities for people, processes and technologies.
Comments