Cybersecurity and COVID-19: Preventing Organizational Risks with an At-Home Workforce

April 22, 2020
LRN Corporation

Cyberattacks are the fastest growing crime segment in the United States and are expected to cost the world $6 trillion in losses in 2021. Cyberattacks aim to steal private information from businesses and individuals for illegal and nefarious purposes, and come in many forms such as phishing, hacking, and ransomware attempts.

In the wake of COVID-19, more people are working from home, and companies are scrambling to create and strengthen security protocols in a short and unexpected timeframe. This recipe for increased vulnerability puts a tremendous strain on organizations, and is the primary reason why businesses have made data privacy training and cybersecurity training a bigger part of recent compliance training initiatives.

What Employees Need to Watch Out For

Online threats are nothing new, but they are certainly ramping up during the pandemic, which is creating the potential for all sorts of problems for businesses. While the reasons for the uptick aren’t crystal clear, experts say it’s likely a result of increased internet usage and unestablished work-from-home practices creating more opportunities for criminals to exploit the situation.

Here are the most common cyberattacks happening right now that employees need to be aware of.

Phishing represents an overwhelming number of cyberattacks as evidenced by the latest numbers from CSO, which states that phishing attacks represent over 80% of security incidents in global organizations.

Most phishing attacks involve:

  • Email phishing: uses a fake domain to mimic a trusted organization or individual
  • Spear phishing: uses real user details to con users into downloading a file or clicking a link
  • Whaling: aims at tricking executives or senior staff into providing private information
  • Smishing/vishing: comes via text or phone call and tricks users into thinking one of their accounts are unsecured to gain access
  • Angler phishing: uses social media and fake websites to persuade users to divulge information or download malware

Business Email Compromise or BEC uses a new approach where criminals pretend to be an executive or vendor that needs money wired immediately. This kind of attack typically comes via email and mainly targets finance department employees.

Ransomware is one of the latest cybersecurity threats – and one of the most dangerous. In this case, not only do criminals manage to infect employee computers through a phishing attack to steal information, they then hold the data hostage until the business or employee pays a sizable ransom.

Password-related cyberattacks rely on employees using weak or identical passwords across multiple websites, apps, and tools. Here cybercriminals use stolen passwords to access secure business data by simply logging in as real users. It’s also one of the reasons why password security has seen a jump in recent years.

Keeping Information Secure

The sudden rise in cyberattackshich are six-times higher than normal over the past four weeks, has made a challenging time more difficult for everyone. However, it’s also created opportunities for businesses to take a hard look at their remote information security practices and the training that helps employees identify and react to these criminal attempts.

Since keeping information secure right now is a top priority as employees work from home, businesses should take the following steps to keep private information and their employees safe from the prying eyes of cyber criminals.

Use the Right Technology

Employees across the US are accessing business data using all types of networks, including relatively safe options such as company Virtual Private Networks (VPNs), or ones that are less secure like household routers and Wi-Fi. For businesses, this means setting up a line of technological defense that is largely impenetrable so long as employees exercise caution.

Experts recommend the following to ensure VPNs and other employee-used networks and devices are protected.

  • Install a firewall configured to let trusted employees in and keep bad actors out
  • Install (and keep up to date) advanced antivirus protection on every device employees use
  • Ensure advanced anti-spam protection is available on every employee email account
  • Implement an internet filtering tool to keep employees away from malicious websites
  • Implement end-to-end system monitoring to detect and isolate threats
  • Create and maintain a data backup recovery system on the Cloud or on a reliable network
  • Conduct a comprehensive IT security audit annually or more often as needed

Provide the Right Training

Even the most sophisticated technology can’t prevent data being stolen if an employee falls prey to a malicious email or website. In light of the increased security risk presented by the pandemic, cybersecurity training and data privacy training must be a top priority for CLOs and their teams.

In addition to traditional security courses, training employees on how to work from home effectively is just as important. By launching a working from home training program, you help ensure your remote workforce is not only prepared to ward off potential security threats, but also is prepared stay productive, focused, and in the right working mindset.

Experts say that cyberattacks start from risky behavior by employees who:

  • Share a laptop or computer with others who could be tricked into visiting malicious websites or downloading malware while using the device
  • Access unsecured networks such as Public Wi-Fi or networks without authentication or security in place
  • Open questionable emails without looking at key details such as who’s sending the email, what they’re requesting, and if links or attachments are legitimate
  • Don’t update tools and software because they’re not connecting to the company network as often or are using their own devices to complete tasks
  • Fail to log out of applications, leaving them vulnerable to data theft or deletion

Because cyberattacks can erode an organization, it’s important for employees to know just how damaging these attacks can be. Providing training on cyber and data security best practices not only educates employees on the far-reaching consequences of these sorts of attacks, it also reinforces education by putting employees in real-world scenarios that test this knowledge.

No matter how big your organization is, an effective approach to cybersecurity and data privacy training should include topics on:

  • Email, messaging, and social media security
  • Password security
  • How to work from home securely
  • The impacts of data breaches
  • The use of social engineering like employee manipulation and deception
  • HIPAA basics (for healthcare organizations and professionals)
  • Handling, protecting, and storing sensitive data
  • Using the Cloud for file access and sharing
  • Payment and transaction security

As difficult as it can be to break bad habits around technology use and to change how day-to-day tasks are performed in the short term, the long-term benefits of security awareness and training are hard to ignore- especially now. After all, it saves businesses money, time, and plenty of operational headaches.

Working Remotely Doesn’t Have to Be Risky

While the volume of cyberattacks may be rising, the risks posed to your organization don’t have to. As long as your business is exercising basic security procedures and making an effort to reinforce learning with more frequent reminders and education, your information should stay safe.

By providing employees with ways to learn and practice good security hygiene and giving them the tools and connections to keep company data secure, we can help “flatten the curve” on cybercrime at an important time.

Interactive Services provides comprehensive training on critical and timely topics such as cybersecurity training, data privacy training, and working from home training to help organizations and employees thrive during this difficult time. Discover more about our award-winning training programs by signing up for a FREE 7-day trial or by contacting us for a quick demo.

About the Author

LRN Corporation

Ethics and compliance leader providing tools, education, and advisory services for global companies to inspire principled performance. LRN’s overall approach recognizes the inherent limitations of rules and regulations in influencing behaviors. In our view, focusing on actions that help build and maintain a values-based culture will mean more compliance and reduced costs as a result of tangible and sustainable behavioral change.

More Content by LRN Corporation

Most Recent Posts

Strengthening civil institutions: Why anti-corruption isn’t just about compliance

Strengthening civil institutions: Why anti-corruption isn’t just about compliance

LRN Senior Advisor Susan Divers shares how recent focus on anti-corruption promotes good corporate governance.

Learn More
4 key themes in our new report on corporate culture, ethics, and the boardroom

4 key themes in our new report on corporate culture, ethics, and the boardroom

The new ACE report from LRN and Tapestry Networks reveals four key themes about the board of directors perspective on culture, ethics, and compliance.

Learn More
The power of stories: 4 insightful approaches to DEI conversations

The power of stories: 4 insightful approaches to DEI conversations

In LRN’s latest webcast, DEI experts discuss how stories build empathy, guide decisions, and foster strong workplace cultures.

Learn More