Over 300 million office workers globally are estimated to be performing their duties at home, according to figures from the US Bureau of Labor Statistics and Boston Consulting Group.
Employees are logging into different sites, attending virtual meetings, and accessing sensitive company data via the internet, leaving them exposed to higher cyber risks.
While digital tools offer excellent support for remote workers, this unprecedented shift in work patterns on such a massive scale will pave the way for cyber risks.
Are our governments and companies adequately prepared for the changes in cybersecurity risk?
It’s an unfortunate reality that, even in such times of humanitarian crisis, we have to speak about cybersecurity. We have observed several warning signs.
As COVID-19 broke out, branded websites and domain names began to mushroom. Cybercriminals have started using these domain names to masquerade as legitimate COVID-19 information sites.
They are also sending phishing emails that appear to come from legitimate organizations such as the Rwanda Biomedical Centre and the World Health Organization, but that actually contain malicious links or attachments.
In one case, users of social media platforms such as WhatsApp continue to receive messages offering a link to a purported telecom free data offer during the COVID-19 pandemic, as many people are at home and yearning for data bundles, especially the youth and other vulnerable persons struggling to keep abreast of information.
But when the link was followed, whoever clicked on it, believing it to be a COVID-19 free data bundle offer from a renowned telecom company, was redirected to a page asking for user credentials and asked to share the phishing message with other social media users. This gave cybercriminals access to individuals' private email accounts and details, and let them reach a larger audience by the easiest path of all.
By implementing a number of practical training, process, and technology measures, organizations can avoid adding a cyber-crisis to the challenges associated with COVID-19.
As they work at home, instead of speaking with IT and cybersecurity help desks via an internal phone system, workers will resort to their mobile phones as the only available mechanism, which per se is vulnerable to hacking.
Warnings to heed
Intelligence and security agencies understand that cyber risk has never been as high as it is now.
The FBI has issued a warning about Kwampirs malware targeting supply chains, including the healthcare industry. Kwampirs is a backdoor Trojan that grants remote computer access to attackers.
Meanwhile, Microsoft is also warning hospitals to watch out for sophisticated ransomware attacks that could target them through their VPNs and other network devices.
The company has already sent targeted notifications to dozens of hospitals around the world that are at risk of falling prey to cyber fraud.
Rwanda Information Society Authority (RISA) has cautioned the government against reliance on open-source video conferencing apps and warned of possible vulnerability to cyber scamming by a number of fraudsters operating online globally.
The massive shift to remote working can put existing infrastructure and security measures to new and extreme tests.
Remote working has been a growing trend for a while, and IT and cybersecurity professionals at most companies have worked diligently over the years to safeguard their systems, but very few ever anticipated the scale and suddenness of this transformation. So, do companies have adequate infrastructure in place to support it?
What to avoid?
Do not just click on links in emails or from other untrusted sources. If you believe the email is legitimate, whether from a third-party retailer or primary retailer, go to the site and browse directly.
Any notification or service offering referenced in the email, if valid, will be available via your regular login.
Never rush to open attachments. Retailers prefer not to send emails with attachments. If you’re in doubt, contact the seller directly and ask whether the email with the attachment was truly sent by them.
Never disclose personal information over the phone or in an email unless you are completely sure of the intended recipient.
Social engineering refers to the process of deceiving or enticing individuals into providing their personal information or data to seemingly trusted agents who turn out to be malicious actors.
So do not fall prey to this: just because they may have some of your information does not mean they are legitimate.
Whenever managing your data, set secure passwords and don’t share them with anyone. When choosing your password, avoid using common words, phrases, or personal information, and update it regularly.
So, what next?
The necessary technologies, digital tools, and procedures for mitigating the cybersecurity threat are available; governments and corporate agencies should invest heavily in protecting their data as one way of mitigating the effects of the COVID-19 pandemic.
Most importantly, have an incident response plan in place for the unfortunate event that your network’s cybersecurity is breached. This plan should include contact information for insurers and for a rapid investigation and response team to mitigate the damage of a data breach.
Franklin S AMANYA is a Socio-Economic Commentator in Kigali and an MBA (Strategic Management) Student at Mount Kenya University.