Shifting your computer workstation from the office to home in the midst of the coronavirus pandemic may be more complicated than you think.
Bryan Cunningham, executive director of UCI Cybersecurity Policy & Research Institute, said there are bandwidth limitations and security issues that Orange County’s business community must deal with when they tell employees to set up shop at home.
Then there are hordes of cyberattackers and cyber-scammers buzzing around, waiting to pounce on the unwary.
“I would imagine that in certain areas where they don’t have as much infrastructure, and lots of people are sent home and kids are sent home from school, you could see not a complete crash, but a lot of slowdowns and people getting kicked off and things like that,” Cunningham told the Business Journal on March 16.
He added, “The scams and the actual attacks are just going to automatically go up because so many more people are spending all day at home on their computer.”
“Organizations and their employees will be forced to make tough decisions rapidly, and enabling a remote workforce is one of those decisions,” added Mike Sentonas, chief technology officer for cybersecurity firm CrowdStrike Holdings Inc., in a recent blog entry pertaining to COVID-19.
“There are risks involved in accomplishing this at speed, but the security of your networks, devices and data shouldn’t be among them,” said Sentonas, whose $8.6 billion-valued Sunnyvale-based company (Nasdaq: CRWD) was founded in Irvine and still has significant operations in the city.
50M More Users
The sheer numbers tell the story as people adjust to the spread of COVID-19.
“We’re all used to being able to stream our favorite movies, a lot of the gaming people—it takes a lot of bandwidth,” Cunningham said.
“And all of a sudden you have 40 million to 50 million more people home than normal. You could run into pretty serious bandwidth shortages in different parts of the country.”
Microsoft and Amazon in the Seattle area are among the thousands of businesses and organizations that have told people to work from home, while universities—including UCI—are moving to online teaching.
Thankfully, Cunningham doesn’t think the internet will “completely freeze up” in most locations.
Cunningham said workers at sophisticated companies will probably be required to use a VPN—virtual private networks—or other secure connections.
“That takes much more bandwidth than a regular type of connection,” according to Cunningham. “A lot of security measures like encryption or VPN—they’re not difficult to use but a lot of people aren’t used to using them.”
“There’s going to be a lot of data that’s sent back and forth between workers and companies that normally would be safe because it’s inside the company’s network, but now it’s being sent back and forth with smaller, less sophisticated companies, unencrypted,” Cunningham said.
“I’m sure that the hackers are going to try to figure out where those people are and try to steal the companies’ secrets.”
Marios Papaefthymiou, dean of the Donald Bren School of Information and Computer Sciences at UCI, was equally adamant about the need to seek a secure connection from home.
“It will be critical to have the most up-to-date version of all connectivity software such as VPNs,” he told the Business Journal, adding it’s also critical “to stay away from public Wi-Fi networks.”
Cybersecurity has been an increasingly important topic even before the coronavirus pandemic.
Cunningham’s institute brings together more than 200 participants from academia, business, government, law enforcement and the privacy and civil liberties sector “in a unified effort to combat cyber threats.”
Fraudulent scams are likely to abound as people seek ways to avoid the pandemic.
“They’re selling you fake cures for coronavirus and fake treatments,” Cunningham said, adding that some fraudsters take your money for protective masks that never arrive, for example.
“In every major type of crisis, probably back to the caveman days, the scammers come in right away and they’re already here,” according to Cunningham. “The bad guys are specifically targeting people who are afraid of the coronavirus.”
Newport Beach-based law firm Newmeyer & Dillion LLP on March 10 warned about an increase in cyberattacks and phishing disguised as coronavirus concerns, in a client alert.
“Attackers have sent emails disguised as concerns about coronavirus in creative ways, including posing as regional healthcare facilities, business partners, and World Health Organization employees in an email to various companies with attached instructions regarding monitoring individuals for coronavirus symptoms,” attorneys Shaia Araghi and Jeff Dennis wrote in a client alert.
The firm offers training to ensure employees remain vigilant when it comes to cyber hygiene.
“Knowing that the public is gripped with fear (and in some cases, panic), hackers are capitalizing on human emotions to accelerate their cybercrimes,” the lawyers added. “For individuals, the key is to continue to stay vigilant, question suspicious e-mails, and when in doubt—do not open any attachments or click on any links.”
“Continuous end-user education and communication are extremely important and should include ensuring that remote workers can contact IT quickly for advice,” CrowdStrike’s Sentonas said. “Organizations should also consider employing more stringent email security measures.”
Tips for Computer Use During Coronavirus Pandemic
As more people set up shop at home and work during the spread of COVID-19, Bryan Cunningham, executive director of UCI Cybersecurity Policy & Research Institute, has some key tips for cybersecurity that follow immediately below.
“I would say the basic cyber hygiene rules still apply,” Cunningham said. “Folks should have a heightened sense of skepticism regarding any website, product, or service relating to COVID-19 and health more generally:
• DO NOT click on links in any email or other communication unless you know the person sending the link and, ideally, you confirm that they sent it.
• Enable Multifactor authentication on as many applications as possible.
• If you’re working from home, carefully follow all instructions from your IT/security staff.
• Only purchase items online with a credit card or other avenue that has a solid track record of protecting consumers against scams and fighting to get refunds for goods not delivered (e.g., American Express).
• If it seems too good to be true, it probably is.
Some more top cybersecurity experts offer their tips for staying cybersafe while working at home, as collected by the Business Journal:
Chief Information Security Officer/Chief Evangelist
SecureAuth Corp., Irvine
• “Threat actors are targeting people. They’re trying to impersonate insurance companies, health companies, IT companies. All of that stuff that we’ve seen in the past is just going to exponentially ramp up. Cybercriminals will not let a crisis go to waste.”
• “Slow down, take your time and start questioning absolutely everything.”
• For employers: “What can happen is companies will start to make exceptions and lighten up on the security aspects of their procedures because a lot of them are in a position that this has not happened before.” End result: the system becomes vulnerable to cybercriminals.
• On the other side, in SecureAuth’s move from “regular office into everybody working from home, there was literally no hiccups” as the company is accustomed to maintaining full security with many people already working remotely.
• Employees should “bracket their time” so they don’t get burned out by overworking at home, especially if the crisis lasts for a long time.
Chief Operating Officer
BlackBerry Cylance, Irvine
• Criminally minded countries can target an individual “using an unsecured home system” as they try to gain access into a corporate environment. The resulting industrial espionage “creates a much more long-term impact.” China, Russia, North Korea and Iran are considered the main nation state adversaries infiltrating American computers.
• “There has been a major increase in cyberactivity from the bad actors.”
• He says the “ultimate challenge” is “enabling an employee to work from home on their home laptop or their home PC.”
• The current crisis presents “significant challenges” for U.S. corporate security enforcers as they try to maintain employee productivity. His company offers a product called BlackBerry Desktop “that literally turns any home laptop into a remote corporate work laptop.”
• Phishing scams, ransomware attacks are among the dangers. Phishing tricks an internet user, usually by a deceptive e-mail message, into revealing personal or confidential information which the scammer can use illicitly. Ransomware is a kind of malicious software that blocks access to a computer until money is paid.
Cisoshare, San Clemente
• Companies need to have security policies and acceptable use policies up to date so employees know they apply to working at home in addition to in the office. When employees know they are going to get laid off or furloughed “unfortunately” they may start moving information from the company computer into their own computers. “It’s not something that’s talked about quite yet,’’ he said March 18 as the crisis was prompting the first waves of layoffs.
• “As much as you can, you want employees to use company-supplied equipment.” Employees should not use company-issued equipment for personal uses, and they shouldn’t use personal devices for business.
• Offices generally have anti-virus protection, logging-in monitoring and other forms of security. “Employees might not have that same level of protection at home.”
• A virtual private network—or VPN—is often recommended to provide security for at-home users but it only covers connectivity back to the company computer. “Most of the risks are going to be on the machine itself or at the home environment.”