Insider Threat ManagementWork At Home Controlling Cyber Threat Risks in the Days of COVID-19

March 25, 2020

Unprecedented  ….  Uncertain …..  Indeterminate

Although these phrases seem over-used by news outlets these days, they are all, unfortunately true. We are living and working with many unknowns. The one “known” that has followed us is that of cyber threat. During the past month, cyber-attacks of all varieties have only increased as they prey on user fears and the weakened security that most work-at-home scenarios provide. How does this happen and how can you protect your employees?

>  Reliance on Digital Communication – While working from home, users are leaning more heavily on digital communication methods including chat, email, conference call systems, and online workspaces. This opens the door wide for both infrastructure attacks and end-user attacks like phishing. Just this week, the World Health Organization (WHO) was targeted when hackers successfully set up a false login page to an employee portal in an effort to gather user passwords.

> Employee Fears and Uncertainties – In trying times, people make poor, hasty decisions and unfortunately, “phishers” are well aware of this fact. The first 2 weeks of March reported 15 times more phishing attacks as there were for the entire month of January. As of March 14th, they made up 2% of all email traffic. These emails may impersonate co-workers requesting data, third parties needing assistance, or even provide knock-off links to critical public updates from the CDC or WHO.

> Blending Personal and Business Communications – It’s no secret that work-from-home employees have a significantly higher tendency to blend their personal and business functions, including their emails, online transactions, and sometimes even the machine they’re using. Even users who are vigilant to protect their company’s information, are typically more lenient in their daily browsing. An employee (or even their family member) accidentally clicking a malicious link on a company-owned machine could be devastating, letting in ransomware or malicious data harvesters. In addition, applications intended for home use such as free cloud-sharing, video chat, finance, and gaming apps do not have the level of security in place to handle threats.

So what can you do to protect both the company’s infrastructure and its employees?

1. Review the capabilities of the software you have – Make sure you’re aware of the features in your security toolbox that perhaps you’ve never had reason to use and may apply to offsite employees. For example, innerActiv can monitor offsite employee activity when configured to do so.

2. Communicate directly to your employees – Education is key especially for companies without existing work-at-home protocols. Communicate the appropriate usage of their machine, secure communication channels, and social engineering risks.

3. Monitor at the endpoint – When employees are off-network, endpoint monitoring and security is a requirement. If you need help getting started, innerActiv is offering our software at-cost. Contact us at for information.