The cybersecurity landscape has shifted dramatically in the past year since the start of the COVID-19 pandemic. At times, 2020 seems to have passed us by in a blur, but it seemed to drag on for years and years for others.
Cybersecurity threats created or accelerated by COVID-19 and other events of 2020 include data leaks, new threats to education, the new standard of working from home, new malware styles, and pandemic-related attacks. As we begin to see the light at the end of the tunnel, we realize that our business practices will never be the same. Businesses and individuals have evolved in response to societal changes and everyone has adjusted (or is adjusting) to the new standards.
Changes were influenced by how (and where) people work.
In the spring of 2020, as the pandemic started to affect individuals and companies, the business world was forced to undergo a dramatic digital revolution. Even if the equipment was ready, not every employee was. For the first time in much of our lives, we were faced with the very real possibility of losing our jobs, afraid for our health, or being trapped and unable to leave the house.
Among those whose jobs were unaffected, the change was still impactful. We went from feeling close in the workplace to feeling isolated at home with no time to prepare. The battle would only get more difficult for cybersecurity workers, who were already overwhelmed when the world changed. Companies started receiving COVID-related spam and attacks almost immediately. Social engineering attacks like these work because they exploit emotion and give the illusion that something has to be done immediately. People were suddenly working from home when their children were studying online.
How long will employees continue working from home?
A hybrid or entirely remote work arrangement is becoming the norm for many offices. As a result, it seems that these cybersecurity developments will continue far into 2021. How do we know the work-from-home trend won't continue until the pandemic is completely contained? After all, we are becoming used to this new normal. Many executives are appreciating the fact that their calendars aren't packed with flights, business trips, and in-person meetings that might have been less productive than they thought. Employees are highly productive, People are actually working instead of coming into the workplace and wasting four hours of their day in meetings and chatting around the water cooler.
Work from Home Threats
Although these efficiencies are valuable in the business world, they aren't ideal for cybersecurity, particularly given the number of threats that exist at home.
The increasing number of Internet-connected computers in our homes puts the company at risk. Many of us have smart assistants such as Alexa or Google Home, or we have children who use the Internet for school and gaming at home. Each device connected to the same home Internet connection adds another point of entry for hackers looking to obtain access to the home network and, ultimately into company networks.
The fact that many businesses haven't prioritized cybersecurity adds to the gravity of the situation. After all, they're terrified of going out of business, so their primary goal is to generate revenue and make it through the pandemic.
COVID Twists on Classic Scams
In addition to threats in the workplace, scam artists made COVID-centric adjustments to their usual scam tactics to prey on the emotions of their targets.
- Scam artists are trying to profit from the introduction of COVID vaccines.
- Text scams involving COVID-19 can falsely advertise a cure or sell bogus tests.
- Robocall scams have targeted COVID-19-related health and financial issues.
- With the popularity of online shopping increasing, so are the number of delivery notice scam calls and emails
- Scam artists are trying to steal insurance information, money or both.
- Peer-to-peer mobile payment apps help consumers avoid exchanging physical cash, but fall victim to scams and security flaws, leaving them penniless.
Adjusting Habits to Stay Ahead of Threats
There isn’t a single person around the world who doesn’t have to worry about the increase in security threats caused by the COVID-19 pandemic. For us to keep up, cybersecurity awareness training needs to take place at every level: personal, family, company, and global.
People need to let go of the idea that they have nothing that needs to be hidden or that nothing they have holds value to hackers. We have so much information in our pockets. Our phones and computers are among the most risky things we can lose. Think about it: would you rather lose your phone or your wallet? Whether you realize it or not, your personal information holds value to hackers, even if you don’t have a penny to your name.
What exactly should we be doing to protect ourselves and our companies from the emerging threats caused by the pandemic?
- If you have a company, invest in browser security tools for each and every computer that connects to your company’s network. It doesn’t matter if the computers are company-owned or employee-owned. Every device that touches the network creates a point-of-entry for threats.
- If you use a computer for any activity or you have children who use the computer for any activity, install browser protection to block scams, malware, and other threats encountered online. Threats are becoming so advanced that even the most tech-savvy individuals are falling victim.
- Create strong passwords and get out of the habit of using the same password across multiple accounts. When one of those accounts is hacked, you’ve handed over control of every account with the same password to the hacker on a silver platter.
- Keep the programs on your computer up to date and encourage others around you to do the same. Every software update allows hackers to see what vulnerabilities have been fixed so any device without the update is at risk, as are those with connections to the device.
Take steps to protect your work-from-home atmosphere as well: Safety First: Working Remotely During Coronavirus.