Covid-19: A Profitable Opportunity for Cyber-Criminals

Covid-19 — the virus which is shaking the world — is rapidly increasing the number of employees who work remotely.  This mass exodus of employees from the "more secure" office environment into the unsecured home terrain is a breeding ground for cyber-security risk.

COVID-19 and remote working

In South Africa, President Ramaphosa declared a nationwide lockdown for 21 days on 23 March, under the Disaster Management Act, 2002.  In his lockdown speech on 23 March, President Ramaphosa stated that "Firms that are able to continue their operations remotely should do so".

It is clear that business has been gearing for this inevitability.  This is evident by, for example, the staggering increase in Microsoft Teams usage in recent weeks, among other virtual and other remote chat-based platforms.  However, remote working significantly increases the risk of employees falling victim to cybercrime.

Cybercrime - the law?

A legislative framework against cybercrime is imperative given the increasing use of technology. The first version of the Cybercrimes Bill was published in 2017.  The Bill creates offences and establishes a process for reporting and investigating cybercrimes.  In terms of the Bill, cybercrimes include: unlawful access, interception and interference with data; cyber fraud; cyber forgery and uttering; cyber extortion and theft of incorporeal property.

Once the Bill comes into effect, perpetrators face severe penalties, some of which include imprisonment for a period of up to 15 years.

Cyber-security risks posed by remote working

Remote working may result in many challenges, including the increased risk of falling victim to cybercrime.  This is due to the possibility that employees may connect to unsecured Wi-fi networks and may use personal devices without adequate antivirus systems or firewalls to prevent malware compromising the device and the data stored on it.  There is the risk that employees may leave devices which contain work-related data unattended in unsecure areas. Employees may use their own personal hardware which may be compromised, such as USBs and hard drives, for work purposes.

There is also the risk that an employee may use a personal email address to send work-related content to an employer or a third party (for example, a customer).  This poses a large cyber-security risk, as these emails may not be appropriately encrypted to avoid third parties being able to access and use the content.  In addition, sensitive information contained in the emails would pass through third-party service providers' servers.  It is therefore imperative that employees use internet service providers which are authorised by the employer when dealing with work-related content.

Unfortunately cyber-criminals are taking advantage of the current crisis, including by distributing emails — some purporting to be from organisations such as the World Health Organisation and Centre for Disease Control — that contain phishing links and attachments.  Emails that contain cartographic presentations of the spread of the virus, or purport to contain an updated list of Covid-19 cases, may also contain malicious links or attachments.  Certain emailed requests for donations from "charities" which claim to aid victims of Covid-19 are in fact attempts by cyber-criminals to defraud "donors".

RiskIQ, a digital threat management company, released statistics which are an alarming illustration of the increasing cyber-security risks posed by the global pandemic.  RiskIQ scanned its spam for the period between 30 March and 31 March 2020 and found that 217 169 spam emails received during this period made reference to Covid-19 in the subject line.  1 625 of these emails sent an executable file for the Windows operating system, likely an attempt to breach the recipient's device and procure or alter data stored on the device.

IT support and managers may not be as readily available when employees are working remotely as when they are in the workplace, so employees may more willingly forgo caution and fall victim to these phishing attempts, putting the data of businesses in jeopardy. To protect your business, try to ensure that your IT support feels as available to remote employees as it was onsite.

Prevention is better than cure

Employers need to speedily address the need for employees to work remotely and yet still be alive to the cyber-security risks that such remote working poses to work-related data. Employers should seek assistance in putting clear policies in place to ensure that employees who are working remotely use IT equipment in a manner which is approved and subject to the control of the employer.