Due to the rise of cases of SARS-CoV-2 (the novel coronavirus that causes the disease COVID-19), a number of companies have advised employees to work from home. With the drive towards remote working, there are expected to be massive data breaches as companies struggle to bridge this cybersecurity gap. The startup, Active Cypher, has looked into the issue and is taking action to combat hackers who are already taking advantage of this crisis by securing data at the file level.
Looking into the issue in-depth, Orange County cybersecurity startup, Active Cypher, has seen IT departments struggling to ensure the same levels of cybersecurity the office provides. Active Cypher’s Chief Strategy Officer (and Microsoft/Cisco veteran), Mike Quinn, tells Digital Journal: “it is becoming clear that the economic ramifications of the Coronavirus, may extend on a secondary front as hackers take advantage of increased utilization of personal devices, and lack of secure Wi-Fi, amongst other blaring vulnerabilities.”
Quinn has also found that malicious actors have already begun misinformation campaigns on social media while using the serious subject for spear phishing (this tactic has also been reported on by The New York Times).
Quinn explains that risks to businesses extend beyond the coronavirus: “Direct attacks to insecure endpoints could ultimately lead to more major incidents of data loss. Already in the past few months, companies ranging from Clearview AI (a facial recognition company) to Wawa (the convenience store), have faced data breaches exposing billions of customer records. With consumer privacy laws such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which came into effect January 1, 2020, economic consequences of data loss will be compounded. Last year alone, European data protection authorities enforcing GDPR fined Marriott International $110 million and Google $50 million. While those amounts may be a drop in the bucket for large corporations.”
Based on this, Quinn says: “expect more fines to come.”
Looking at remote working, Active Cypher’s President, Greg Morrell states that: “Beyond the confines of an organization’s walls (with its nearby IT support and tech-savvy colleagues to help), the frustration of some employees may lead to major gaps in security. Companies should, unfortunately, expect an increase of non-compliant activities, including the use of personal devices and lapses in the proper classification of sensitive data.”
He adds: “When the cat’s away, the mice will play (and not follow security protocols).”
Morrell also notes that: “The stresses on IT departments as large portions of their firm go suddenly remote, will also contribute to security lapses as attention is diverted from the monitoring of threats and prevention to setting up loaner laptops, connecting new machines to home printers, resolving longstanding WiFi issues, and painstakingly dealing with the technologically challenged. In effect, the sudden jump in remote work has opened a Pandora’s box for IT professionals, as every employee’s home network, becomes a potential support ticket nightmare and an unknown vulnerability.”
Morrell also notes that: “The stresses on IT departments as large portions of their firm go suddenly remote, will also contribute to security lapses as attention is diverted from the monitoring of threats and prevention to setting up loaner laptops, connecting new machines to home printers, resolving longstanding WiFi issues, and painstakingly dealing with the technologically challenged. In effect, the sudden jump in remote work has opened a Pandora’s box for IT professionals, as every employee’s home network, becomes a potential support ticket nightmare and an unknown vulnerability.”
In terms of best practices, Quinn explains: “In order to prepare their companies for remote work, IT leaders must quickly take steps to secure their data end-to-end. VPNs, if not already utilized, should be immediately deployed along with password managers. Perhaps more importantly, data should be secured at the file level as a last line of defense.”
Quinn sates further: “Securing all home offices and ensuring employees maintain compliance with security practices will undoubtedly be a monumental task. Companies need to move to safeguarding their files immediately, as gaps in security will take time to close.”
With his own company’s service, Quinn states: “To help with this effort, Active Cypher has offered new and current clients the use of its quantum-resilient security solution free of charge for the duration of the COVID-19 outbreak. It’s a small step in these tumultuous times to making sure our clients’ businesses return to normalcy and avoid potentially catastrophic breaches.”
