Remote working because of CORONAVIRUS...
... raises the risk of your systems being infected.
It’s obvious that the global spread of Coronavirus is having an impact on public health; and that it also has profound implications for the world’s economy. But another (less obvious) area which could be adversely affected by Coronavirus is Cybersecurity, as increasing numbers of people are required to work remotely.
This is because away from their usual workplace, employees may not be able to rely on the same level of protection against Cyber threats that they normally take for granted in their workplace. One of the biggest risks is of employees using their own devices to perform the work they would usually undertake on a workplace computer. Frequently, the level of protection that users have installed on their personal devices is less robust and up-to-date than that on those provided by their employer, thus increasing the possibility of a Cyber attacker penetrating the defences, and potentially gaining access not just to the device in question, but then to the organization’s wider network in turn.
There is also the possibility that individuals’ own devices are already infected with viruses or some form of malware, again putting the wider organization’s systems at risk. Nor do personal devices normally provide the same level of monitoring of activity, meaning that potential threats and anomalies cannot be detected.
Likewise, individuals’ home Wifi systems are unlikely to be anywhere near as secure as the ‘industrial strength’ ones in place at their usual work location; and of course the lure of the coffee shop will probably mean that at least some employees choose to work from a public place, rather than home, and use public Wifi – with all the potential security exposures that this entails – to perform work activities.
Equally, physical security risks are of course exacerbated when employees work in public spaces – such as "shoulder-surfing" – other people being able to see passwords as they are being typed in – not to mention the increased likelihood of devices being lost or stolen.
In the context of the Coronavirus epidemic, organizations may consider that there is no option other than their employees working from home. But as part of this, they should do everything they can to ensure that their staff are made fully aware of the Cyber risks which come with this, and the best practices they should observe in mitigating these risks.
And they need to do this immediately – because not only does remote working in response to Coronavirus make organizations more vulnerable to Cyber attacks, given all the other challenges they are facing as a result of the epidemic, their ability to respond in the event of a breach is also likely to be seriously impaired. Even under normal circumstances, a Cyber breach can pose an existential threat to a business – in the context of Coronavirus, the likelihood of this has increased significantly.