Warning that remote working could allow cyber criminals to gain

Local cyber security expert Carl Ceillam issued the warning as many businesses have asked or are considering asking staff to work from home.

‘Cyber criminals love a global crisis,’ said Mr Ceillam who is chief penetration tester at The Chain Ltd.

‘We’ve already seen phishing emails exploiting victims of the Flybe collapse, and malicious applications posing as interactive Covid-19 maps.

‘But my main concern is that businesses do not fully understand the risks of working remotely from home. Some of these systems are not as secure as they should be, and so there is a danger we could see a sharp increase in data breaches or fraudulent activity.’

The issue centred on remote access systems and virtual desktop environments that organisations set up for workers who are on the move or working off-island, he said.

‘Many companies don’t have adequate remote access systems in place and are rushing to set up new services or increase capacity. They are not taking the time to have their security tested properly.

‘It stands to reason that if staff can access the system remotely, then potentially so can a cyber criminal.’

Additionally, a home user’s computer might not be as secure as one in the office so could be hijacked by hackers to gain access to corporate systems.

Data protection issues could also arise.

‘It’s surprisingly common that remote access users are allowed to copy data between their own personal computer and the corporate system, even though in the office transfers to USB devices may be blocked to prevent data loss.

‘When people copy corporate data to their personal devices the organisation loses control of that data. It can be misused by malicious employees, lost, stolen or accessed by unauthorised individuals.

‘These aren’t new risks but as we relocate in large numbers from the relative safety of the workplace to the untrusted internet, the risks are increased significantly.’

Cyber criminals had the lead when it comes to working in isolation and coping with business disruption, added Mr Ceillam.

‘Unlike most businesses, cyber criminals operate almost exclusively online already. Most don’t have an office to go to, they don’t need to meet up in-person with colleagues, and even their victims are online.

‘The only resources they need are an internet connection and a computer. They are open for business and ready to profit from this crisis if we don’t take precautions.’