Coronavirus and Telecommuting: How One Risk Is Giving Way to an Even Bigger Cyber Threat
First identified in Wuhan, Hubei Province, China in December 2019, the virus, officially known as “SARS-CoV-2,” has created a ripple effect throughout the global economy.
Most commonly referred to as “coronavirus disease 2019,” or COVID-19 according to The Centers for Disease Control and Prevention (CDC), the pandemic has decimated the market value of countless firms with no signs of easing.
At the time this article was published, The Center for Systems Science and Engineering at Johns Hopkins University reported 118,252 global cases of COVID-19 with 4,262 deaths and 64,391 total recoveries.
The U.S. has seen 959 confirmed cases with 28 deaths and 8 total recoveries, with the most cases in Washington State, California and New York.
Global reaction has been swift and decisive; Italy’s government has ordered its citizens to stay home, The U.S. has temporarily closed its borders to non-U.S. citizens traveling from all European countries except the UK, some countries have cancelled school for several weeks, and many sporting events have either been cancelled or will continue without fan attendance.
What was once known as a human resources perk at U.S. firms has now become a critical link in the business continuity and resiliency chain; the ability to telecommute.
Office Exodus
The Wall Street Journal reported that several U.S. firms are encouraging telecommuting in order to prevent the spread of COVID-19.
Microsoft instructed workers in northern California and Seattle to work from home, Apple gave similar instructions to its global workforce, and Stripe is now interviewing candidates via videoconferencing in lieu of in-person interviews.
Many firms are replacing face-to-face meetings with conference calls or videoconferencing, cancelling travel plans much to the chagrin of airlines and hotels. A growing number of higher education institutions have even decided to conduct the remainder of the semester via online classes in hopes of preventing the rapid spread of the virus.
What was once known as a human resources perk at U.S. firms has now become a critical link in the business continuity and resiliency chain; the ability to telecommute.
The “flight to telecommuting” on such a massive and sudden scale has raised many questions at firms of all sizes, with a special emphasis on firms not possessing the technical expertise and scale of Fortune 1000 entities.
Do employees have the technical resources at home to successfully complete tasks remotely? Will employers contribute to employees’ internet and phone bills should their personal telecommunications footprint increase drastically due to the excessive data loads required for corporate work? Will internal/external tech resources become overloaded from the many “telecommuting newbies” needing extra handholding?
According to the U.S. Department of Labor there are no federal legal requirements for paid sick leave, so how do employers not offering this benefit prepare for the rise in sick employees working from home who may possibly contract the virus?
Perhaps the most insidious side effect resulting from this new telecommuting workforce is the potential rise in cyber attacks targeting softer targets.
Creating a New Risk While Solving for a Current One
While telecommuters may be less-exposed to COVID-19 while working remotely, a new risk is evolving.
This mobile workforce may not practice the same proper cyber hygiene at home as they would in an office environment. Forgetting to utilize a virtual private network at home, for example, could encourage evil actors looking for a path of least resistance to gain access to sensitive data.
To make matters worse, many telecommuters may opt to work from their local coffee shop utilizing unsecured WiFi networks. Confidential phone conversations that once occurred in the private confines of an office building may now be conducted in more public settings, further jeopardizing the confidentiality of sensitive information.
Telecommuter Cyber Playbook
At a time when personal hygiene is extremely critical, cyber hygiene must also remain a top priority for telecommuters.
With the virus spreading exponentially, telecommuting will become the new normal in the coming months necessitating the need for companies to develop a “telecommuter cyber playbook.”
This framework should address how employees can implement proper at-home cyber hygiene and should include contact names and phone numbers of information technology staff on call.
As part of their ongoing business resiliency planning, firms must devise a strategy for either hiring more internal IT staff or contracting with external IT firms.
With demand for cyber security professionals far outpacing supply globally, planning for IT staffing is critical given the next pandemic could be just around the corner. &