Since being discovered in late 2019, COVID-19 has sadly killed thousands and disrupted much of the world economy. Northern Italy is in lockdown, SXSW and other major world events are cancelled, and a slew of large companies are increasingly telling their employees to “stay home”.
Yet as more workers operate remotely, Orange County cybersecurity startup, Active Cypher, sees IT departments struggling to ensure the same levels of cybersecurity as provided within the office. Active Cypher’s Chief Strategy Officer and Microsoft/Cisco veteran, Mike Quinn, comments, “it is becoming clear that the economic ramifications of the Coronavirus, may extend on a secondary front as hackers take advantage of increased utilization of personal devices, lack of secure Wi-Fi, amongst other blaring vulnerabilities.”
Malicious actors have already begun misinformation campaigns on social media while using the serious subject for spear phishing. Direct attacks to insecure endpoints could ultimately lead to more major incidents of data loss. Already in the past few months, companies ranging from Clearview AI (a facial recognition company) to Wawa (the convenience store), have faced data breaches exposing billions of customer records. With consumer privacy laws such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which came into effect on January 1, 2020, economic consequences of data loss will be compounded. Last year alone, European data protection authorities enforcing GDPR fined Marriott International $110 million and Google $50 million. While those amounts may be a drop in the bucket for large corporations, “expect more fines to come,” says Quinn.
Beyond the confines of an organization’s walls (with its nearby IT support and tech-savvy colleagues to help), the frustration of some employees may lead to major gaps in security. Companies should, unfortunately, expect an increase of non-compliant activities, including the use of personal devices and lapses in the proper classification of sensitive data. “When the cat’s away, the mice will play (and not follow security protocols),” comments Active Cypher’s President, Greg Morrell.
The stresses on IT departments as large portions of their firm go suddenly remote, will also contribute to security lapses as attention is diverted from the monitoring of threats and prevention to setting up loaner laptops, connecting new machines to home printers, resolving longstanding WiFi issues, and painstakingly dealing with the technologically challenged. In effect, the sudden jump in remote work has opened a Pandora’s box for IT professionals, as every employee’s home network, becomes a potential support ticket nightmare and an unknown vulnerability.
In order to prepare their companies for remote work, IT leaders must quickly take steps to secure their data end-to-end. VPNs, if not already utilized, should be immediately deployed along with password managers. Perhaps more importantly, data should be secured at the file level as a last line of defense. “Securing all home offices and ensuring employees maintain compliance with security practices will undoubtedly be a monumental task,” Quinn explains. “We formed Active Cypher with the strong belief that data security is a social right. Obviously, the exposure of data created by remote work greatly perturbs us.”
To help with this effort, Active Cypher has offered new and current clients the use of its quantum-resilient security solution free of charge for the duration of the COVID-19 outbreak. “It’s a small step in these tumultuous times to making sure our clients’ businesses return to normalcy and avoid potentially catastrophic breaches,” concludes Quinn.