In times of crisis, we get to see the best and worst of people. Soon after the COVID-19 pandemic of March 2020 resulted in millions of job losses across the United States, many landlords opted to give tenants a break on monthly rent payments, and food bank managers reported being well stocked. On the other hand, the Federal Bureau of Investigation reported that cybercrime groups have become more active as they seek to take advantage of people working from home.
Information security researchers have identified vulnerabilities in two mobile video conferencing apps that became very popular shortly after social distancing and stay-at-home orders were issued by public health officials. One report explained how a malware injection targeting a specific app could result in Windows password credentials being secretly sent to remote servers. The most common injection method appears to be a malicious URL pasted within email messages for coupons and special offers.
The clients that your staff members are using to work from home should also be considered in terms of company security. If they are using company-issued devices, it stands to reason that they are protected in terms of secure port configuration and antivirus software, but what about the personal smartphones, tablets, and laptops that your employees have put to work? Many companies have rushed to implement “bring your own device” policies during the pandemic, but this could bring about security risks if the client hardware is not secure.