Remote-Working Errors Increase Risk

Wednesday, August 5, 2020

The increasing use of teleworking and reliance on the internet during the COVID-19 pandemic has created an environment that is ripe for cyberthreats.

According to a study from Tessian, a technology company that focuses on email security, nearly half of employees in the United States and United Kingdom have made errors leading to cybersecurity consequences. The analysis was conducted during the COVID-19 pandemic, and it suggests that the disruption, stress and distractions of remote working make organizations more vulnerable to cyberattacks that are caused by human error.

A quarter of those surveyed admitted to clicking on a link in a phishing email while at work. Surprisingly, this most occurred in the technology sector (47%), where you might think employees would know better. Major reasons listed for clicking on phishing links were distraction, fatigue, perceived legitimacy of email and because emails supposedly came from a senior executive or well-known vendor/brand. Distraction was listed as the main reason for falling for a phishing scam and for sending an email to the wrong person. Sending email to a wrong person can result in information disclosure and can be particularly damaging if the type of data sent is restricted or highly restricted data (e.g., sensitive or confidential). Notably, 57% of workers stated they are more distracted when working from home.

According to data from another report by NetMotion, a software company that provides solution for remote workers, cybersecurity threats have risen as remote workers visit more “risky” websites outside of corporate networks. The analysis, which was also derived from data during the pandemic, revealed that employees clicked on 76,440 links that took them to potentially dangerous websites. The most common types of high-risk sites were botnets (a number of internet-connected devices that can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allow attackers to access the device), malware sites, spam and adware, and phishing and fraud sites. The graphic on the next page shows a breakdown of this information. Almost 1 in 5 risky links led to sites containing spam, adware or malware.

With working from home becoming much more common, organizations must prioritize cybersecurity at the human layer and need to focus on providing more extensive user awareness training. This requires understanding employee behaviors and teaching safe cybersecurity practices to everyone. Proper education on social engineering attacks, phishing tactics and other commonly used tactics to trick users can make the difference between one unknowingly falling for a scam and one who can spot questionable, suspicious, or malicious web content.

While recent attacks have primarily revolved around COVID-19 themes, the actual tactics used have not been especially novel; they are just increased and more targeted. Sometimes the basic things are what will significantly reduce the risk of falling prey to a cyber threat.

  • Secure all devices, including mobile computing devices.
  • Keep all devices up to date with software patches.
  • Have anti-malware software installed and keep it up to date.
  • Use unique and complex passwords for all accounts.
  • MOST IMPORTANT: Practice safe computer habits such as not replying to or clicking links in unsolicited texts and email messages.

Learn more ways to stay safe while teleworking.