WFH Cybersecurity Concerns: Experts Weigh in on Phishing

More employees are working from home, using personal devices.

James Anderson, Senior News Editor

March 20, 2020

3 Min Read
unsecured http connection - phishing website concept
Getty Images

Do your customers have a security plan in place for their remote workers?

Morgan-Steve_Cybersecurity-Ventures.jpg

Cybersecurity Ventures’ Steve Morgan

Employees have moved into home offices in droves as more and more local governments issue “stay-at-home” and “shelter-in-place” orders. Employers have good reason to consider the cybersecurity implications of this situation, said Steve Morgan, founder of Cybersecurity Ventures.

“Employees from organizations of all sizes and types now have minimal cybersecurity resources, if any, compared to what is normally available to them,” Morgan wrote. “If remote workers don’t immediately self-educate, and if businesses don’t immediately provide their employees with security awareness training centered on the home office threat, then we could see global cybercrime damage costs as much as double by the end of this year.”

PC Matic’s Rob Cheng noted that most employees will now be using personal devices to hop onto company networks.

Cheng-Rob_PC-Matic-e1584740657361.jpg

PC Matic’s Rob CHeng

It’s a “security hole,” according to Cheng.

“First, it is unclear what, if any, security solutions are installed on these devices. Second, employees are using the devices for dual purposes – personal and professional,” Cheng wrote. “… If an employee is connected to their corporate network for work purposes, then checks personal email or logs into social platforms potentially clicking on malware-riddled webpage the malware not only can, but will spread to the company’s network through the remote access port.”

This expanded attack surface makes phishing a bigger concern than ever. Last year’s Verizon Data Breach Investigations Report showed how popular a method phishing has become. Robert Herjavec, founder and CEO of an MSSP called Herjavec Group, said IT and security and security teams said phishing attacks will increase as threat actors “thrive on chaos.”

“You may want to start or continue a phishing simulation to keep employees on their toes. Either way – keep in mind that while the health and safety of your teams is paramount, cyber hygiene should never take a back seat,” Herjavec wrote in a blog post.

An Ohio business recently sued its MSP for allegedly failing protect the customer from a $1.7 million phishing scam.

Schijns-Janet_JS-Group.jpg

JS Group’s Janet Schijns

JS Group CEO Janet Schijns advised partners that they should team up with a company that has a security practice if they themselves don’t have one.

“As people begin to work virtually, it has become very critical that you understand that data at motion is data at risk,” Schijns told Channel Partners earlier this week.

Read more about:

MSPs

About the Author

James Anderson

Senior News Editor, Channel Futures

James Anderson is a senior news editor for Channel Futures. He interned with Informa while working toward his degree in journalism from Arizona State University, then joined the company after graduating. He writes about SD-WAN, telecom and cablecos, technology services distributors and carriers. He has served as a moderator for multiple panels at Channel Partners events.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like