Australian Businesses and Cybersecurity: How COVID-19 and Remote Working Increased Risks of Cyberattacks

Abrupt and unexpected are two of the adjectives most commonly used when describing the shift to working remotely that the global workforce has faced in response to the COVID-19 pandemic. No sector has been spared, including government operations, private businesses, and institutions of education.

This seismic shift not only impacted the millions of people who found themselves working from home for the first time in Australia and around the globe, but it also stressed the complex technology infrastructures that were unexpectedly required to support massive amounts of traffic.

Businesses and leaders in technology have met the challenges posed by the recent work at home reality head on. Unfortunately, intertwined with the positive work being done to make working from home possible, there are hackers and bad actors who have seen this sudden change as an opportunity to exploit potential weaknesses in the technological infrastructure backing the newly decentralized workforce.

In their haste to get employees back to work and provide their products and services to customers, some enterprises have been blinded to the increasing security risks that having employees work from home present. 

Will Ellis from Privacy Australia advises: “For businesses to survive this period of transition with minimal damage, they need to not only be aware of the risk, but they must actively take steps to bolster up their infrastructure by taking advantage of security features like VPNs to minimize their exposure to cybersecurity risks. Avoid using too cheap or free VPN services because they could install malware on your computer, or harvest your personal and financial data. Make sure your VPN provider has a no-logging policy.”

Understanding the Cyber Security Risks Posed by Remote Working Environments

Social distancing and remote working are the backbone of Australia’s, and the world’s, fight against COVID-19. There is no sign that these things will go away soon.

One reason why cyber security risks increase for remote workers is that many enterprises do not have the bandwidth or server capacity to allow a dispersed group of remote workers to securely access their server without impacting the remote workers’ ability to do their job productively.

Because of the abrupt nature of the shelter in place orders issued by the government, businesses have been left frantically trying to purchase and provide employees with company issued laptops or at least security software designed to mitigate cyber security issues.

Organizations have been forced to expand their relationship with vendors or forge relationships with new vendors and platforms with the goal of supporting their workforce. All of this is at a time when demand for these services is driving their price skyward. All of this is being done at such a rapid pace that many enterprises do not have the time to do their due diligence where privacy and security issues are concerned. Worse yet, they lack the time to adequately train their employees on using new security software.

How Employees Are Dealing with Work from Home Cyber Security Threats

While employers are frantically trying to implement security protocol, their employees are becoming frustrated because they cannot access the information they need using a company computer or are having difficulty navigating new security software. Inevitably, employees resort back to using their personal devices and personal email accounts to communicate with each other and clients. The result is that sensitive information is being sent and received via networks and devices that do not have the proper security measures in place.

This problem is compounded by the fact that most employees do not have experience working from home. They are accustomed to working in an office environment where security concerns are handled by an IT department. As a result, many work-at-home employees are not sensitized to the potential dangers that exist in sharing confidential or personal business-related information using unsecured networks.

We face a conundrum. On the one hand, sheltering in place and working from home are the socially responsible things to do. On the other hand, it has made employees and those they work for more susceptible to phishing attacks, fraud, and malware.

Sounding the Alarm on a Global Scale

Since the COVID-19 pandemic darkened our shores, the Australian government, the US government, and many other global organizations have provided clear warnings regarding the spike in fraud, cyber attacks, and phishing scams.

The US Department of Homeland Security has warned that nefarious individuals might use the COVID-19 pandemic as an excuse to send focused emails that have malicious attachments or that direct users to a fraudulent website. The World Health Organization also identified coronavirus themed phishing attacks. Attackers pretending to be from the WHO request sensitive information and then infect an individual’s equipment with malware.

Practical Steps to Mitigate Risk

It’s understandable that business owners have been focused on continuing operations with the least amount of disruption. However, now is the time for business owners to prioritize cyber security. For many businesses, this will be a monumental effort, so it will require all hands-on deck.

1. Prioritize Employee Engagement and Training. Let your employees know what security risks they may face when working at home. Train them on steps they can take to minimize these risks. This training should be a recurring thing.
2. Review and Update Internal Security Policies. Look at your enterprise’s security practices focusing on policies for the use of personal devices, remote work, the prior approval of devices, and the installation of software that allows for the deletion of business data from a device.
3. Update Disaster Recovery Plans. Your disaster recovery plans, your incident response plans, and data security plans should be updated to reflect the reality of a remote workforce. Tabletop exercises should be conducted with your cyber security team with remote working in mind.
4. Reevaluate Your Insurance Coverage. Does your enterprise’s insurance coverage extend to ensure a remote workforce? If not, now may be the time to make some changes.
5. Start Interviewing Third-Party Vendors. Evaluate third-party vendors. This should not be a rushed process. Scrutinize their security procedures and history. The pandemic has created an opportunity and there will be several third-party vendors that come on the scene to fill the need. Make sure that the vendors you use have a security protocol in place that coincides with your own.

There are many indications that working from home will be the reality for many people long after the threat of the pandemic has passed. Businesses that take work from home cyber security seriously today will be those who will thrive going forward.