As the outbreak and spread of COVID-19 continues to disrupt health, economic, political and social systems, the risks to online networks are greater than ever before.
The World Health Organisation (WHO) has confirmed that hackers and cyber scammers are taking malicious advantage of the pandemic. Cybercriminals are posing as WHO in fraudulent emails to install malware and steal sensitive information.
With a heightened dependency on global digital infrastructure, ensuring effective cybersecurity measures are in place is more important than ever before.
So what are the risks facing online users? Dr Surya Nepal is a Group Leader and Senior Principal Research Scientist of our Distributed Systems Security team. He shares what organisations need to consider when preparing for the majority of their workforce to work from home.
Cybersecurity considerations amidst COVID-19
The COVID-19 pandemic has led to a large volume of workers moving to undertake their work from home.
Many companies are implementing national guidance to protect their workforce during the COVID-19 outbreak by encouraging staff to work from home. However, the increased use of Bring Your Own Device (BYOD) and connectivity through shared home-environments presents additional cybersecurity risks.
Surya said there are three elements to cybersecurity that need to be considered in order to safeguard IT environments.
1. The human element
According to Surya's research: "The human is the weakest link in cybersecurity."
Social distancing and self-isolation can increase levels of stress and anxiety. These heightened emotions impact the likeliness of human error. Which, in turn, increases the risk of individuals falling victim to phishing attacks or social engineering attacks.
2. Technical preparedness
The more people working from home, the more risk of unsecured connections occurring in these organisations’ networks. There is also a risk of mishandling sensitive data, such as credentials and passwords. Logging in and working online from the potentially unsecured personal devices we use at home can create many vulnerabilities.
3. Data and network security governance and policy
Part of this is making sure employees are informed and educated when it comes to connecting to their network or using teleconferencing. Several approaches to cybersecurity governance exist. However, they are often lacking the insight essential in ensuring organisations can mitigate cyber risks.
Data61's Human Centric Cyber Security team is focusing their efforts on identifying cybersecurity governance needs and remedies.
For the full version of this article head on over to our Algorithm blog.