August 25, 2020
In the corporate work world, cybersecurity experts are worried about their limited ability to track how employees are working remotely, including whether they record conference calls, share corporate devices with family members or take photos of sensitive documents. Their actions could inadvertently put the company at greater risk to be hacked; organizations such as the National Bureau of Economic Research are tracking an uptick in hacking attempts while corporate security teams are devising new policies to head off the problems.
The Wall Street Journal reports that, according to Forcepoint principal research scientist Margaret Cunningham, people are often used to working in secure rooms, which reminds them about the rules. “That has a very different feeling than walking into a living room,” she noted.
Carolyn Dittmeier, chair of the Italy-based insurance firm Generali Group audit committee added that, “the potential [for] human error increases when you don’t have all your colleagues around you.” At one of her companies, earlier this year, an employee “transferred more than €1 million ($1.1 million) to a fraudulent account after someone sent an invoice impersonating a supplier and requested an overdue payment.”
An IBM survey revealed that, 45 percent of those working remotely “said their companies provided no special training on securing devices at home” and 42 percent said they handle “personal identifiable information such as Social Security numbers or financial data in their job.”
Equifax chief information officer Jamil Farshchi reported that his company “uses behavioral analytics software on employees’ devices to understand how they work and identify activity that seems abnormal.” It’s tricky, he said, when employee’s normal routines are broken, and led to a “higher volume of alerts about abnormal activity” over such issues as an employee starting work at different hours every day.
“I don’t know what standard looks like anymore,” he said. “That’s the additional challenge organizations face because it’s just a lot of unknown.”
At the World Economic Forum’s Center for Cybersecurity, chair of the advisory board Troels Oerting said that companies are “tightening security policies” in anticipation of continued remote work, with some “specifying where employees can work if they aren’t at home, since Wi-Fi networks at local pubs or vacation homes may present new security risks.”
Elsewhere, WSJ reports that, “hackers are targeting employees doing business from their new, makeshift workplaces, using techniques such as scam emails that pretend to be videoconference invitations but that actually steal network credentials.”
“In the course of [the first] two weeks [of the pandemic], we saw orders-of-magnitude increases in our alerts,” said Millicom International Cellular head of cybersecurity John Masserini. By May 28, the FBI had received “around 320,000 complaints of Internet crime … nearly double the rate for the prior year” and a Secret Service official stated that “he expects over $30 billion in stimulus funds will end up being pilfered through scams, many of them cyberattacks.”