
Cybersecurity Impacts of Remote Work During Coronavirus 2019 (COVID-19)


    [Figure: Graph of COVID-19 related domain name registrations]

    The Coronavirus 2019 (COVID-19) pandemic has forced businesses, organizations, and government agencies to immediately change their operating model, resulting in furloughs and sending workers home to telework. Employers are struggling to ensure their employees are safe, healthy, productive, and equipped during this time. Many organizations that were never designed to support work from home (WFH) are finding they lack the proper IT infrastructure and digital capabilities to support this model. The lack of a properly architected remote work capability is creating entirely new cybersecurity vulnerabilities that expose people and organizations to new risks.

    Cybercriminals Are Exploiting the Coronavirus

    We are already seeing a dramatic increase in cyberattacks exploiting the fears and concerns of people. For example:

    Social Engineering Remains the Highest Threat

    Social engineering attacks, primarily conducted through phishing emails, have historically been the most common way attackers compromise systems and networks. An already successful attack vector is even more powerful in a situation such as a pandemic because clever attackers exploit people's fears to get them to click a link or open an attachment.

    Here are some examples that we are seeing in phishing attacks related to COVID-19:

    • Phishing emails offering free COVID-19 tests or vaccines
    • Malware is being embedded in COVID-19 tracking maps and mobile apps
    • Emails being sent asking for donations or assistance to help fight the Coronavirus outbreak
    • Legitimate looking emails that purport to come from a government organization with important COVID-19 information with malicious attachments or a link that goes to a malicious URL

    New Vulnerabilities Facing Organizations

    Organizations that did not have policies, procedures, and technology solutions addressing remote work before the pandemic are finding themselves at increased risk in a number of areas. Some of these risks include:

    • There are no remote access capabilities such as a Virtual Private Network (VPN) to allow workers to securely access company or agency assets. Or, if there are VPN capabilities, the infrastructure and/or licensing limits are preventing the entire workforce from functioning
    • Organizations lack a collaboration tool such as WebEx, Zoom, Teams, Skype, Slack, etc. so employees are either using anything they can find online, or organizations are quickly procuring something without taking into account the privacy and security concerns. Zoom, for instance, has been highly criticized over its privacy policy (which was recently changed) and lack of complete encryption
    • System alerts that may normally go into a Security Operations Center (SOC), Managed Security Services Provider (MSSP) or some other monitoring dashboard may not be seen
    • Security monitoring staff may be unable to keep up with the increased remote traffic and tools such as Network Intrusion Detection and Prevention (IDPS), full packet capture, and Network Traffic Analysis (NTA) tools may not be able to keep up with the throughput, leaving the organization blind to malicious activity
    • Security staff may not be able to work from home, outsourced security staff may be getting sick, and other distractions may reduce the effectiveness of either organic or outsourced security incident responders

    Additional Safety Risks

    Organizations should consider these additional security risks:
    • Commercial Cloud Service Providers (CSPs) are under unprecedented demand for services, which has resulted in a diminished experience in some cases. This includes the timeliness of notifications such as security events. For security tools in the cloud such as a vulnerability management tool or Security Information and Event Management (SIEM) tool, they may have degraded performance.
    • Organizations must consider temporarily turning off or significantly throttling vulnerability scans against systems that are now dispersed at private residences. Network bandwidth to the vulnerability management scanner and on home networks may not be able to handle the traffic. Scanners may need to look only for the most severe vulnerabilities to limit traffic
    • Expect a reduction in vulnerability information and an inability to scan systems for compliance changes (such as with DISA STIGs or other hardening benchmarks) with a SCAP tool.
    • Systems and peripheral devices are being taken home that were not intended to leave an office. Because of this, systems may not be secured properly, such as with full disk encryption (FDE), and data on those devices is susceptible to unauthorized disclosure in the event of a theft or home burglary
    • Users may take it upon themselves to “get the job done” and bypass security controls such as using personal email or cloud storage that may expose the organization to risk or regulatory compliance violations

    New Privacy Concerns

    Since many organizations lack policies for telework and most employees were not set up with a home office before the pandemic, there is an increased risk to privacy. As employees begin using technologies they are not familiar with (such as video conferencing), are not working out of a secured home office, and have home technologies that introduce new challenges, employers must provide guidance to employees to protect the privacy of clients, patients, customers, and other employees.

    Here are some privacy considerations that organizational leadership should consider:

    • If a policy doesn’t already exist about WFH, make sure to draft one and communicate it out to the workforce
    • Ensure employees understand how to keep computers and mobile devices secure and that family members and others at the home should not use work-related devices
    • Consider policy that requires the removal of smart home devices like Amazon Alexa or Google Home from any room where work-related discussions are taking place. It’s widely known that these devices record and store conversations that they overhear
    • Make sure employees are only using organizationally-approved devices and applications to conduct work. Don’t rush to procure something without vetting it first from both a cybersecurity risk and a privacy risk.


    Enact these administrative recommendations within your organization:

      • Begin an immediate public education campaign with employees, highlighting the increased risk that organizations now face and reinforcing that security policies are still in place. Consider using SANS deployment kit available here
      • Ensure everyone knows how to reach the IT security team. Consider adding real-time access to the incident response (IR) team / SOC with tools like Yammer, Teams, Skype, or Slack
      • Educate users on how to secure their home networks
      • Determine a solution for dealing with derived credential expirations and other Identity and Access Management (IAM) challenges with an entirely remote workforce
      • Ask your employees to watch this quick video from SANS on securing their home

    Technical Recommendations

    Enact these technical recommendations within your organization:

    • Block endpoints from navigating to unknown / not seen before domains
    • Consider having endpoints check for endpoint security definitions directly from the vendor instead of coming through the corporate network, if it is possible
    • Consider pushing GPO changes to have systems reach directly out to Microsoft or Apple for system patches and updates instead of coming through the VPN for centrally managed (e.g., SCCM) patches to reduce bandwidth needs and delays in patching
    • Consider minimizing monitor and control activities to focus only on those of the highest risk to reduce alert fatigue of SOC analysts and to ensure capacity for alerts you truly need to care about
    • Test your incident response capabilities by using things like the EICAR file on remote systems to confirm alerts are being sent and to learn how long a delay IR teams should expect
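
One way to run the EICAR test from the last recommendation on a remote endpoint, as an added example that is not part of the original article. The function name `drop_and_time`, the `ir-test-*.com` file name and the outcome labels are assumptions made for illustration; the test string is the standard harmless 68-byte EICAR string.

```python
import os
import tempfile
import time
from datetime import datetime, timezone

# Standard 68-byte EICAR test string, split in two so scanners do not flag this script.
EICAR = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def drop_and_time(directory, timeout_s=60.0, poll_s=0.5):
    """Write the EICAR file and time how long endpoint protection takes to act.

    Returns the UTC drop time (compare it with the SOC/SIEM alert timestamp),
    the local outcome, and the seconds elapsed until that outcome.
    """
    dropped = datetime.now(timezone.utc)
    path = os.path.join(directory, dropped.strftime("ir-test-%Y%m%dT%H%M%SZ.com"))
    start = time.monotonic()

    def report(outcome):
        return {"path": path, "dropped_utc": dropped.isoformat(),
                "outcome": outcome, "seconds": round(time.monotonic() - start, 2)}

    try:
        with open(path, "w", encoding="ascii", newline="") as fh:
            fh.write(EICAR)
    except OSError:
        return report("blocked_on_write")  # real-time protection denied the write

    while time.monotonic() - start < timeout_s:
        try:
            with open(path, "rb") as fh:  # a read also triggers on-access scanning
                fh.read()
        except FileNotFoundError:
            return report("removed")  # deleted or quarantined
        except OSError:
            return report("blocked_on_read")  # file locked by the scanner
        time.sleep(poll_s)

    try:
        os.remove(path)  # nothing reacted: clean up the test file
    except OSError:
        pass
    return report("not_detected")


if __name__ == "__main__":
    print(drop_and_time(tempfile.gettempdir()))
```

The gap between `dropped_utc` and the time the alert appears in the SOC queue is the delay the IR team should plan for; a `not_detected` outcome means the endpoint's protection or its alert path needs attention before relying on it remotely.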

    Additional Recommendations


    SANS: For Individuals – Securely Working From Home Factsheet: PDF, DOC
    For Organizations – Securely Working From Home Deployment Kit
    World Economic Forum:
    C-M Alliance:
    Remote Working Cybersecurity Checklist for all organizations:
    Preventing Eavesdropping and Protecting Privacy on Virtual meetings – Blog
    NIST SP 800-46r2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security

    At Natsar, we are continuously improving our products and services. Please let us know how we did and if this information and resources were helpful to you.


    Josh Moulin

    Josh Moulin has been in the cybersecurity field for over two decades and worked in a variety of roles. He is the founder and principal of Natsar, a cybersecurity company in New York, USA. Previously, he has served in roles including the Senior VP of Operations at the Center for Internet Security (CIS), commander of an FBI cybercrimes task force, director of an ASCLD/LAB accredited digital forensics lab, Chief Information Officer (CIO) and Chief Information Security Officer (CISO) of a national security program within the United States nuclear weapons enterprise, and an Executive Partner at Gartner, the world’s largest research and advisory company. Josh is considered an expert in cybersecurity, risk management, and organizational leadership and frequently engages with companies around the world on these and other topics. He has a Master of Science Degree in Information Security Assurance and the following certifications: CAWFE, CEH, CFCE, CHFI, CISSP, CNDA, DFCP, GCFA, GCFR, GCIA, GIME, and GSEC.
