In the News

Employee Account Takeover in the Age of COVID-19

Apr 15, 2020 Security Boulevard

Account takeover for employees, customers, and users has become a real issue since the COVID-19 outbreak. Here is why that is and what organizations can do about it.

Since its discovery in December 2019, the novel Coronavirus, Covid-19, has spread throughout the world and caused significant disruption. This disruption has taken many forms. Of course, the most serious consequence of the pandemic has been the loss of life and the economic impact. Measures such as social distancing and self-isolation are considered necessary. It’s because of this that some authorities and conscientious employers moved to home-working.

The way we work has fundamentally changed, at least for the time being. We are now witnessing remote working at levels never seen in the past. This shift towards home working has allowed many thousands of businesses to continue operating through these unprecedented and uncertain times. However, this shift has also created opportunities for nefarious individuals to exploit companies. Work-from-home threats are a pressing and real concern.

Account Takeover & Attacks on the Rise during COVID-19 Crisis

Cybersecurity experts and government officials have warned that companies transitioning to large scale remote working are at risk of cyberattacks, employee account takeover attacks, and customer account takeover attacks. Although remote working isn’t new, many companies only had limited home-working capabilities, if any. The best way to ensure protection from cyber attacks is to have an educated workforce, robust cybersecurity systems and tools, and a thorough implementation of policies. However, unprecedented times call for unprecedented measures. The coronavirus pandemic hit swiftly and as such many businesses were ill-prepared to make this switch to remote working. Companies acted quickly to make this switch to prioritize the safety of their employees and the wider community. Unfortunately, this type of rapid change does leave companies vulnerable to cyber-attacks

The following factors contribute to increased cyberattack threat:

  • Inexperienced workers – Many thousands of people are now working from home who have no (or very little) experience with remote working.
  • Fluidity in job roles – The evolving economic impact of the pandemic has caused businesses to make tough financial decisions. Some of these decisions involve cutting staff numbers or reducing the active workforce. These choices can significantly disrupt the usual way of working and cause job roles to become more fluid. Employees may find themselves taking on new responsibilities they are unfamiliar with. Cybercriminals can exploit this vulnerability by conducting social engineering or phishing attacks. These attacks are more likely to be successful when employees are less certain of their responsibilities or less able to spot an unusual request due to inexperience.
  • The strain on IT staff – Shifting large numbers of the workforce onto new IT systems that they are unfamiliar with naturally causes teething issues. IT staff will be spending more time fixing remote-working IT complications and have less time to dedicate to cybersecurity efforts.
  • Mistakes – A rushed implementation of new software or policies can lead to errors being made. Cybercriminals will be looking to exploit these errors before they are noticed and patched.
  • New scams and techniques – Many people are familiar with traditional scams like malicious fake invoice emails or calls to action that involve clicking on a malicious link for a familiar service. The more people are exposed to these scams or educated on them, the easier they are to spot and avoid. This is why hackers constantly work to adapt their methods to trick people. The coronavirus situation has allowed hackers to invent entirely new ways of encouraging employees to hand over their account details. During a crisis of this scale, communications from external bodies are more frequent and people are often more motivated to comply with requests from sources they deem authoritative.
  • Exposed data – Exposed information, such as user name and password, make it easy for cybercriminals to take over accounts. Don’t let your users use compromised credentials, especially not during the COVID-19 pandemic.