WFH Cybersecurity Concerns: Experts Weigh in on Phishing

Written by James Anderson
March 20, 2020

More employees are working from home, using personal devices.

Do your customers have a security plan in place for their remote workers?

Cybersecurity Ventures’ Steve Morgan

Employees have moved into home offices in droves as more and more local governments issue “stay-at-home” and “shelter-in-place” orders. Employers have good reason to consider the cybersecurity implications of this situation, said Steve Morgan, founder of Cybersecurity Ventures.

“Employees from organizations of all sizes and types now have minimal cybersecurity resources, if any, compared to what is normally available to them,” Morgan wrote. “If remote workers don’t immediately self-educate, and if businesses don’t immediately provide their employees with security awareness training centered on the home office threat, then we could see global cybercrime damage costs as much as double by the end of this year.”

PC Matic’s Rob Cheng noted that most employees will now be using personal devices to hop onto company networks.

PC Matic’s Rob CHeng

It’s a “security hole,” according to Cheng.

“First, it is unclear what, if any, security solutions are installed on these devices. Second, employees are using the devices for dual purposes – personal and professional,” Cheng wrote. “… If an employee is connected to their corporate network for work purposes, then checks personal email or logs into social platforms potentially clicking on malware-riddled webpage the malware not only can, but will spread to the company’s network through the remote access port.”

This expanded attack surface makes phishing a bigger concern than ever. Last year’s Verizon Data Breach Investigations Report showed how popular a method phishing has become. Robert Herjavec, founder and CEO of an MSSP called Herjavec Group, said IT and security and security teams said phishing attacks will increase as threat actors “thrive on chaos.”

“You may want to start or continue a phishing simulation to keep employees on their toes. Either way – keep in mind that while the health and safety of your teams is paramount, cyber hygiene should never take a back seat,” Herjavec wrote in a blog post.

There is no doubt that hackers are continuing to leverage #Coronavirus in order to target individuals and organizations using phishing scams. In the latest Cybersecurity CEO blog, @robertherjavec shares tips on how to spot a phishing email. Read more- https://t.co/NBgbm6Az9K

— Herjavec Group (@HerjavecGroup) March 19, 2020

An Ohio business recently sued its MSP for allegedly failing protect the customer from a $1.7 million phishing scam.

JS Group’s Janet Schijns

JS Group CEO Janet Schijns advised partners that they should team up with a company that has a security practice if they themselves don’t have one.

“As people begin to work virtually, it has become very critical that you understand that data at motion is data at risk,” Schijns told Channel Partners earlier this week.