The pandemic has prompted many companies to allow their employees to work from home. However, increased external access to company data has opened up many opportunities for cybercriminals as well.
The coronavirus pandemic has brought an end to office meetings, coffee breaks and water cooler chats for the time being, leaving many employees just sitting alone in front of a screen.
For cybercriminals, they're akin to sitting ducks.
According to the German IT industry association Bitkom in March, every second employee now works fully or partially from home. With that figure comes a number of technical challenges. Instead of sitting in front of their work computer, suddenly these people are now sitting at home and often working from their private network.
"From a purely technical standpoint, home offices open up loopholes where there were none before," says Arwid Zang, managing director of the IT security platform Greenhats. Companies that are aware of these loopholes regularly have them monitored and secured from the outside.
The bigger danger is employees without any security. "Individuals were always a risk, but now there are even more opportunities to catch them on the wrong foot in their home office," says Zang.
With employees now constantly facing new ways of working due to the pandemic, they are less likely to question changes. Hackers can "take advantage of these fears and write emails that look like official communications from authorities, for example on the subject of short-time work benefits," according to Zang. These emails often open them up to phishing attacks, through which their data is stolen.
Other fraudsters instead pretend to be a company. They take an Internet address that's similar to a known company's name, perhaps just adding.eu to the ending, and then send an email to an employee requesting them to log in to the supposed company portal. If someone falls for the scam, then the hacker has all of their work data.
"In principle, increased home office use results in expanded, and in some cases improved, chances of attack," says Sebastian Wolf, a spokesman for a German state criminal investigation office.
Social engineering – ie social manipulation – becomes easier when people are physically separated. However, while the first wave didn't appear to lead to an increase in the number of cyberattacks on home offices, that doesn't necessarily mean that they didn't happen.
Many companies keep quiet about hacking attacks because they're afraid of losing their customers' trust. "The stigmatisation of affected companies is still a problem," says Sebastian Artz, who works for Bitkom. As businesses are finally getting over the shock of the pandemic, they can now start to focus more on IT security.
It's important to maintain "a balance of user-friendly access to company data from the home office and appropriate protection of IT infrastructure," adds Artz. Two-factor authentication, for example, could work. Greenhats recommends simulating hacker attacks at irregular intervals in order to train employees on how to react.
Even after the pandemic is over, the challenges facing companies won't grow any less, says Artz. "It will be interesting when employees return to the office. Companies should start thinking now about how to prevent possibly infected devices and data from being brought into the company network," says the expert from Bitkom. – dpa
Did you find this article insightful?
100% readers found this article insightful