As if a global health crisis, mass unemployment, and harsh quarantine measures weren’t enough of a shock for humanity, the coronavirus pandemic has turned out to be a great opportunity for cybercriminals to launch cyberattacks.
The worldwide quarantine policy has compelled many businesses and organizations to become dependent on digital infrastructure, by enforcing or allowing their employees to work from home. The sudden transition from regular office work to the digital medium has caught many businesses unprepared, leaving their employees uneducated about the security challenges of remote working, such as malware, suspicious emails, and unmonitored connections to the public networks.
The coronavirus outbreak has caused an explosion in phishing attacks, with scammers sending 18 million coronavirus-related hoax e-mails to Gmail users every day. Even Zoom, a well known video-conferencing company has sparked controversy ̶ its programming code has certain security flaws that could allow strangers to access users’ messages, steal their login info and control their cameras and microphones.
Remote work is here to stay. So are the risks.
According to a Forbes article, we can talk about three main hazards when it comes to remote working. The first hazard is Wi-Fi security. Unlike office networks secured by IT managers, the weak protocols of employees’ home Wi-Fi networks (or even worse, unsecured public Wi-Fi in a random café) can make it easier for hackers to access the network’s traffic.
Another one, phishing scams, is probably the most widespread cause of data breach. Cybercriminals are creative in finding new ways of tricking users into giving up their sensitive data. Phishing can vary from simply luring the user into clicking on a bad link, to more sophisticated methods where the attacker compromises or spoofs an email account of a person/company and causes financial damage.
Finally, passwords. It doesn’t take a work of genius to crack a weak password. Even worse (or better, if you are in the hacker’s position) is using the same predictable password across several platforms and opening the doors of multiple accounts once the password is hacked. Some measures, like using long and complex passwords and their frequent changing can help to a certain degree, but at the end of the day, all passwords are hackable. Password-hacking methods are constantly evolving (phishing being just one of them), making the companies spend more than ever on IT security support. All of these issues have increased advocating for passwordless authentication, where users would sign in to trusted websites by using biometrics. According to a World Economic Forum report, the key to reducing safety risks and IT support costs is password elimination.
COVID-19 crisis – a lesson learned?
The world is now used to the “new normal” and big businesses are adapting to this new scenario by prioritizing IT security in their budget planning. Internet users are better informed about where and how to search for the needed information on COVID-19 and not to fall for pandemic-themed lures. Still, the future remains uncertain. The media is filled with gloomy predictions of new waves of the pandemic, possible lockdowns, and financial crises. One thing is certain, though cybercriminals won’t let any crisis go to waste. If nothing, this global coronavirus crisis has shown the necessity of protecting our digital identities and values with additional security steps.