Businesses warned over home working risks

Organisations need to be alert to a wide range of potential risks as a result of additional employees working from home due to the measures being taken to address the COVID-19 outbreak.

Dr Duncan Hodges, senior lecturer in cyberspace operations at Cranfield University, warns that there is likely to be an increase in attacks targeting remote desktop solutions and video conferencing software: “This is particularly likely to be a problem where products have laid dormant without being updated or only used within a corporate network for a period of time and are now being made available outside the traditional corporate network – the recent BlueKeep attack vector is one we’re likely to see increasingly over the next week or so.”

Traditionally a home network has been considered a less secure part of a corporate network, as well as a corporate laptop on the network there will also be the family’s personal computers, tablets and phones as well as a host of smart home devices. Any home network will only be as secure as the most vulnerable of these devices.

Hodges added: “We can also expect more of the corporate data to be moved to cloud hosting solutions to allow for remote working – whilst some of this will be within corporate solutions it would be naïve to think that there won’t be an increase in data being moved to shadow IT infrastructure. This is where data is moved to other personal solutions outside a corporate network because an employee ‘needs to get a job done’ and the corporate solutions don’t work – for example using personal email accounts or accounts on Dropbox, for example. This move of data to external cloud providers could increase the risk of a data breach.”

There is also an potential increased risk of phishing related to COVID-19 and this is another potential threat that staff should be vigilant about. “We’re definitely seeing an uptick in phishing related to the coronavirus, for example malware masquerading as fake antivirus, and VPN solutions all aimed at capitalising on the change to remote working,” said Hodges. “We’ve also seen phishing campaigns in Japan which purported to come from the state welfare offices but downloaded a trojan designed to steal money from bank accounts. WHO have also warned of phishing attacks pretending to be a charitable relief fund. We can also expect to see fraudulent activity surrounding either the selling of hard-to-find items or fake antiviral equipment.”

    Share Story:

Recent Stories