Coronavirus: Hackers target users working from home in absence of secure networks
Employees using unsecured networks and BYOD could lead to corporate data getting exposed to cybercriminals.
With several Indian organisations implementing work from home for employees in the wake of growing COVID-19 threat, hackers have turned their eyes on breaking into companies' networks and systems in absence of robust, multi-layered firewall and security solutions within the boundaries of workers' homes.
Over 20 lakh employees are likely to work from home -- mainly in the Indian IT sector -- but how many of them have installed best security practices at home to ensure the security of confidential organisational data is the biggest worry, say leading industry experts.
"Threat actors are lurking into this phenomenon as an opportunity. Multiple instances of malicious, automated emails have been reported in several continents, including India, that are getting spooled with 'Coronavirus' as a theme," Sanjay Katkar, Joint Managing Director and CTO, Quick Heal Technologies, told IANS.
The work-from-home chants could lead to corporate data getting exposed to cybercriminals with many employees using unsecured networks and BYOD (bring your own device) to access enterprise networks.
"Businesses who have not prepared for work from home scenario are likely to have employees using their personal devices like smartphones which may not have the same level of security as a corporate-owned device," Katkar added.
The Silicon Valley in India is virtually under a lock-down for some days owing to the new coronavirus pandemic. Most of the top tech firms, including global tech companies with facilities in India, have asked their staff to work from home.
In such a scenario, it is important for businesses and employees to ensure safety and security of their data to avoid any disruptions.
According to an Avast survey out on Monday, 39.32 per cent people globally said that they don't receive the technological support or expertise from their employer, when they are working from home or in a public place, which makes security a concerning issue.
"Nearly 28 per cent of Indians are not aware of their router's web administrative interface," said the survey.
Jaya Baloo, chief information security officer at Avast, said that companies need to make sure employees use pre-approved laptops and smartphones to access corporate materials, including their emails, tools and documents.
"These devices should have business-grade security solutions installed on them and be controlled by the company IT department, if applicable," Baloo added.
On the other hand, "employees need to secure their home router making it their first line of defense while also looking out for phishing mails and sites and ensure their personal devices are well-protected", suggested Katkar.
According to Devashish Sharma, CTO, Flock, the workplace collaboration and communication platform, the first and foremost step is to use a secure workplace collaboration platform that enables seamless communication across teams.
"The next step is to build awareness among employees about the risk and repercussions of a security breach, for this the top leadership has to educate themselves first about security practices," said Sharma.
It is often a misconception that large enterprises are more at risk when it comes to data breach.
"Small and medium enterprises too should take steps towards educating every individual in the organisation. Additionally it is extremely vital to empower the IT team to take decisions around security by helping them undertake training and courses that are relevant to their profile," Sharma told IANS.
Another key standard practice is to ensure there is encryption. When it comes to software, end-to-end encryption and multi-factor authentication are both must-have features.
While working from home during the outbreak, employees should also be on the lookout for phishing emails related to the coronavirus including spear phishing emails.
Paul Ducklin, Principal Research Scientist at cybersecurity firm Sophos said that "Shadow IT" is where non-IT staff finds its own ways of solving technical problems, for convenience or speed.
"We're living in tricky times, so try not to let matters of public health cause the sort of friction that gets in the way of doing cybersecurity properly," said Ducklin.