“Although managers always have to be alert to cyberattacks, the current situation increases vulnerabilities to computer viruses and malicious hackers."”
With reported COVID-19 cases climbing daily, many companies have allowed, or required, employees to work from home. As people around the world try to stop the virus’ spread by self-isolating, however, companies also have to increasingly contend with another threat– computer viruses.
Although managers always have to be alert to cyberattacks, the current situation increases vulnerabilities to computer viruses and malicious hackers. Companies always have to balance setting up their computer security to allow employees, customers, and suppliers to access their information systems, while also stopping unauthorized access. This task, however, has recently become more challenging for the following reasons:
* A large, unexpected increase in employees working from home. The U.S. Census Bureau estimates that between five and six percent of employees normally work from home, but this number has skyrocketed. In addition, a 2017-2018 survey by the U.S. Bureau of Labor Statistics found that only about 28 percent of U.S. workers felt they would be able to work from home. So, many companies are scrambling to train and give virtual access to thousands of employees, who normally do most of their work on-site at the company.
* An increase in virus anxiety. With high uncertainty surrounding the spread and treatment of COVID-19, people sometimes look for answers from whatever sources might be available. This anxiety, however, also makes them vulnerable to cyberattacks like “phishing emails” that promise information about the pandemic, but instead can install keyloggers, take screen shots, or download ransomware when an employee clicks on a hyperlink. Alternatively, phishing emails can look like a legitimate email from a fellow employee, making them hard to detect.
* Vulnerability in some employees’ home WiFi networks. Because many employees may now be working from home unexpectedly, they may not have been trained in vulnerabilities that exist in doing work over at-home WiFi. For example, computer routers, which provide Internet access, and “Internet of Things” devices, which connect home appliances like thermostats to the Internet, often have weak security out of the box. In addition, employees may have connected their Internet of Things devices to the same home WiFi network they use to communicate with work.
* Slowdown in economic activity and preoccupation with the COVID-19 virus. The global economic slowdown caused by the pandemic may increase incentives for some nation-states or people to engage in cybercrime to make money. In addition, because people, in general, are increasingly distracted with health and work concerns, they may forget about computer security protocols that they follow during normal times.
“Although cybersecurity training is always important, heightened awareness is even more critical in a crisis when people are distracted, giving cybercriminals more opportunities to strike."”
What can companies do combat these cyber threats? Some suggestions, like encouraging employees to use strong passwords and not to open questionable emails, remain the same as before the pandemic. In addition, managers should consider doing the following:
Inform employees that cyber threats have increased. Although cybersecurity training is always important, heightened awareness is even more critical in a crisis when people are distracted, giving cybercriminals more opportunities to strike. Reminding employees to use computer security protocols and emphasizing why these procedures are even more important now may help avoid some security issues.
Encourage employees to reduce at-home vulnerabilities. Providing information and technical support for employees transitioning to working from home is critical. For example, along with providing remote log-in information, companies may need to provide employees with how-to guides to implement steps like moving Internet of Things to guest networks or changing router passwords (which may be “admin” as a default) to better secure their home WiFi networks. Encouraging employees to keep their home computers current with the latest software updates, which may be done automatically on their office computers, is also important in reducing vulnerabilities.
Back up data and operations. With increasing cyber threats, managers need to make sure they have contingency plans and regularly back up data in case a company faces a cyberattack that disrupts business, like having its website knocked offline by a distributed denial of service attack or critical data locked up by ransomware. A recent data backup can allow the company to restore operations more quickly following a cyberattack.
Implement two-factor authentication. Moving beyond relying just on passwords adds another layer of computer security when employees log on remotely to a company’s computer system. According to PC Magazine, security experts often classify security authentication based on features such as “something people know”, like passwords, “something people have”, like a cellphone, and “something people are”, like a fingerprint. Two-factor authentication requires two of these, such as requiring both a password and a one-time code sent to a cellphone, to complete the log in process. Requiring multiple authentications reduces vulnerabilities, even if cybercriminals figure out an employee’s password.
Franz T. Lohrke is a professor of entrepreneurship in the Raymond J. Harbert College of Business at Auburn University.