ArticlePDF Available

Corona Virus (COVID-19) Pandemic and Work from Home: Challenges of Cybercrimes and Cybersecurity

Article

Corona Virus (COVID-19) Pandemic and Work from Home: Challenges of Cybercrimes and Cybersecurity

Abstract

The Coronavirus (COVID-19) pandemic has led to biggest number of employees globally bound to work remotely. The people working from home required awareness and knowledge of phishing scams, the fastest growing type of cybercrime, many of which are now playing on fears of the Coronavirus. Employees from organizations of all sizes and types now have minimal cybersecurity resources, if any, compared to what is normally available to them. Organisations are required to ensure any endpoint that an employee is using are fully protected. As the Absolute 2019 Global Endpoint Security Trend Report showed, 42 per cent of endpoints are unprotected at any given time. . As the home-working becomes the new normal, criminals are seeking to capitalise on the widespread panic – and succeeding, alas. New coronavirus-themed phishing scams are leveraging fear, hooking vulnerable people and taking advantage of workplace disruption. Therefore, the people working from home should immediately get educated about their cyber privacy and cybersecurity failing which the global cybercrime damage may costs as much as double by the end of this year.
Corona Virus (Covid-19) Pandemic and Work from Home: Challenges of Cybercrimes and
Cybersecurity
Prof. (Dr.) Tabrez Ahmad
1
The Coronavirus (COVID-19) pandemic has led to biggest number of employees globally bound to work
remotely. The people working from home required awareness and knowledge of phishing scams, the
fastest growing type of cybercrime, many of which are now playing on fears of the Coronavirus.
Employees from organizations of all sizes and types now have minimal cybersecurity resources, if any,
compared to what is normally available to them.
Organisations are required to ensure any endpoint that an employee is using is fully protected. As the
Absolute 2019 Global Endpoint Security Trend Report showed, 42 per cent of endpoints are
unprotected at any given time. Therefore, the people working from home should immediately get
educated about their cyber privacy and cybersecurity failing which the global cybercrime damage may
costs as much as double by the end of this year.
As the home-working becomes the new normal, criminals are seeking to capitalise on the widespread
panic and succeeding, alas. New coronavirus-themed phishing scams are leveraging fear, hooking
vulnerable people and taking advantage of workplace disruption.
Cybercrime is the greatest threat to every company in the world, and one of the biggest problems
with mankind. The impact on society is reflected in the Official Cybercrime Report, which is published
annually by Cybersecurity Ventures. The most effective phishing attacks play on emotions and
concerns, and that coupled with the thirst for urgent information around coronavirus makes these
messages hard to resist.
According to the report, cybercrime will cost the world $6 trillion annually by 2021, up from $3
trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives
for innovation and investment, and will be more profitable than the global trade of all major illegal
drugs combined.
Cybercrime costs include damage and destruction of data, forensic investigation, restoration and
deletion of hacked data and systems, fraud, post-attack disruption to the normal course of business,
stolen money, lost productivity, theft of personal and financial data, embezzlement, and reputational
harm and theft of intellectual property. There are 10 tips on how to spot a phishing scam. As the
1
About the Author: Dr. Tabrez Ahmad is a prolific speaker & keen researcher in Cyberlaw, IPR & Energy Law.
Delivered Keynotes in, USA, UK, China, Japan, UAE, Egypt, Singapore, etc. Published more than 100 papers and
delivered talks in more than 100 conferences. An active blogger, author and editor. By SSRN he is ranked
among the Top Law Authors in the World. He is among the IPLEADERS-Top 100 most followed LinkedIn lawyers
and ranked 13th in the world. Awarded “Top 50 IP Players of 2019” by IPR Gorilla USA.
Phishing emails usually want you to click on something, for instance to update your payment details,
or access the latest information on COVID-19.
People working from home should be aware on how to detect and react to phishing frauds, and other
types of cyber-attacks. If they act immediately and thoroughly, then cybercrime damage costs can be
contained and kept at the current level. If the carelessness due to lack of awareness will continue, it
may cause heavy loss globally. As per the Cybersecurity Ventures’ estimation that cybercrime damage
costs could potentially double during the Coronavirus outbreak period is concerned not only with
phishing scams, but also with ransomware attacks, insecure remote access to corporate networks,
remote workers exposing login credentials and confidential data to family members and visitors to the
home, and other threats.
2
Malicious actors are also using COVID-19 or coronavirus-related names in the titles of malicious files
to try to trick users into opening them. One example is Eeskiri-COVID-19.chm (“eeskiri” is Estonian for
rule), which is actually a keylogger disguised as a COVID-19 help site. If unpacked, it will gather a
target’s credentials, set up the keylogger, and then send any gathered information to maildrive[.]icu.
The mention of current events for malicious attacks is nothing new for threat actors, who repeatedly
use the timeliness of hot topics, occasions, and popular personalities in their social engineering
strategies. In haste to uncover the supposed good news you could inadvertently reveal personal and
professional secrets. Indeed, in these difficult times, when it comes to cybersecurity, it’s worth to relax
and ask yourself that to Whom you should trust before proceeding on cyberspace.
Delhi Police issued advisory on cybercrime threat amid coronavirus. People are advised to be careful
before login to any website and carefully check the authenticity of the website. Most of the website
are malicious and engaged in Phishing. Think very carefully before clicking on a tempting link
purporting to be from the World Health Organization (WHO), or similar, with positive information
about the cure for COVID-19. Chances are it will be a hacker preying on your understandable anxiety
about the coronavirus pandemic. Please be careful and double cross check before login or clicking to
any links and websites. The following website have already been blocked and categorized as phishing
sites.
3
adaminpomes[.]com/em/COVID-19/index-2[.]php
mersrekdocuments[.]ir/Covid/COVID-19/index[.]php
bookdocument[.]ir/Covid-19/COVID-19/index[.]php
laciewinking[.]com/Vivek/COVID-19/
2
https://cybersecurityventures.com/cybercrime-damage-costs-may-double-due-to-coronavirus-covid-19-
outbreak/ . Visited on 4th April, 2020.
3
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-
spam-malware-file-names-and-malicious-domains. Visited on 4th April, 2020.
teetronics[.]club/vv/COVID-19/
glofinance[.]com/continue-saved-app/COVID-19/index[.]php
starilionpla[.]website/do
ayyappantat[.]com/img/view/COVID-19/index[.]php
mortgageks[.]com/covid-19/
cdc[.]gov.coronavirus.secure.portal.dog-office.online/auth/auth/login2.html
Data from artificial intelligence endpoint security platform SentinelOne shows that from February 23,
2020 to till 4th April, 2020 there was an upward trend of attempted attacks with peaks at 145 threats
per 1,000 endpoints, compared to 30 or 37 up to 22nd February, 2020. In the UK alone, victims lost
over £800,000 to coronavirus scams in February, reports the National Fraud Intelligence Bureau. One
unlucky person in particular was left £15,000 lighter after buying face masks that never arrived.
Banking trojan malware is masquerading as a WHO-developed mobile application helping individuals
recover, or virtual private network (VPN) installers. And consider that Check Point research shows
some 4,000 COVID-19 domains have been registered this year, many likely fronts for cybercrime. So-
called ‘scareware’ will only ramp up as uncertainty rises and online searches increase as people seek
information about the outbreak and solutions,” predicts Terry Greer-King, vice president of Europe,
Middle East and Africa at California-headquartered cyber organisation SonicWall. They know people
are looking for safety information and are more likely to click on potentially malicious links or
download attachments. Approximately 70 per cent of the emails Proofpoint’s threat team has
uncovered deliver malware and a further 30 per cent aim to steal the victim’s credentials.
Due to high demand for virtual conferencing and other collaboration, tools could expose more
vulnerabilities for hackers to exploit. Companies quickly adopting consumer-grade video conferencing
can make it easy for an attacker to pretend to be a member of staff. Worryingly, Apricorn research
published last year found that one third of IT decision-makers admitted their organisations had
suffered a data breach because of remote working. Further, 50 per cent were unable to guarantee
that their data was adequately secured when being used by remote workers.
The UK government’s National Cyber Security Centre published a home-working guide earlier this
week that offers tips for organisations introducing home working as well as highlighting the telltale
signs of phishing emails.
Computer viruses can spread just as easily as human viruses. Just as you would avoid touching objects
and surfaces that are not clean, so should you avoid opening emails from unknown parties or visiting
untrusted websites. Keep you devices and networks secure. You may use hand sanitiser to remove
germs from your hands, and you should have an effective antivirus solution to keep germs off your
computers and networks.
4
Home-working people must follow the following Cybersecurity Tips for their Own Welfare.
5
1. Enable multi-factor authentication wherever possible, adding another layer of security to any
apps you use. Additionally, a password manager can help avoid risky behaviour such as saving
or sharing credentials.
2. Try to use VPN solution with encrypted network connection. It is safe for the worker to access
IT resources within the organisation and elsewhere on the internet.
3. Organisations should update their cybersecurity policy and include home and remote working.
Ensure the policy is adequate as your organisation transitions to having more people outside
the office. They need to include remote-working access management, the use of personal
devices, and updated data privacy considerations for employee access to documents and
other information.
4. Employees should communicate with colleagues for official matters using IT equipment
provided by employers. There is often a range of software installed in the background of
company IT that keeps people secure. If a security incident took place on an employee’s
personal device, the organisation and the employee may not be fully protected.
5. Without the right security, personal devices used to access work networks can leave
businesses vulnerable to hacking. If information is leaked or breached through a personal
device, the company will be deemed liable.
Hope the people working from home and the concerned organisations understand the challenges of
cybersecurity and follow the suggestions to be able to get the genuine output in the ongoing difficult
phase of life, business and global economic downturn.
Please log on the below website for current global updates of Covid-19
https://www.worldometers.info/coronavirus/
Please log on below website for current updates in India of Covid-19
https://www.covid19india.org/
4
https://www.raconteur.net/technology/cyber-resilient-business .Visited on 4th April, 2020
5
https://www.raconteur.net/technology/covid-19-cybersecurity . Visited on 4th April, 2020
... VC apps have aided employees to continue operations and meet contractual commitments with limited interruptions (Adom et al., 2020;Hakim et al., 2020;Kumar & Kulkarni, 2020). While VC apps provide a convenient way for professionals to communicate and collaborate, it also creates a channel for severe privacy violations that range from theft of personal and financial information to loss of intellectual property, productivity, and reputation (Ahmad, 2020). For example, incidents of Zoom bombing raised grave privacy concerns as uninvited attendees joined VC meeting purely by guessing meeting IDs (Billingsley, 2020). ...
Article
Video conferencing (VC) applications (apps) have surged in popularity as an alternative to face-to-face communications. Although VC apps offer myriad benefits, it has caught much media attention owing to concerns of privacy infringements. This study examines the key determinants of professionals’ attitude and intentions to use VC apps in the backdrop of this conflicting duality. A conceptual research model is proposed based on theoretical foundations of privacy calculus and extended with conceptualizations of mobile users’ information privacy concerns (MUIPC), trust, technicality, ubiquity, as well as theoretical underpinnings of social presence theory. Structural equation modeling is used to empirically test the model using data collected from 484 professionals. The study offers insights regarding the trade-offs that professionals are willing to make in the face of information privacy concerns associated with VC apps. Based on the findings, the study emphasizes the promotion of privacy protection at the organizational level, control mechanisms that motivate employees to actively engage in privacy protection behavior, and a multi-faceted approach for data transparency within the VC app platforms.
... Figure 3 illustrates the cyber attack distribution across regions indicating criminals have been actively engaging in criminal activities, targeting victims with various crimes. Fears of covid pandemic, high usage of online platform, new users in the online platform and more devices in online platform have given opportunity for the criminals to strategize their attack (Ahmad, 2020;Collier et. al., 2020;Kashif et al., 2020). ...
Article
Full-text available
The Covid-19 pandemic is an unprecedented global crisis which initially perceived as threat to public health, has severely impacted economic stability and social well-being. Shutdown of business and manufacturing industries have resulted in loss of business income, retrenchment and unemployment. Such financial crisis has gained traction from criminals, taking advantage on the desperate condition to backfill the income and fulfil business and family commitments. Criminals seek opportunity to legitimize the illicit funds earned from the unlawful activities without being visible to law enforcement. Money mules are characters recruited by the criminals and placed in the money laundering chain to receive illicit funds into their personal bank accounts and transfer the funds as instructed destinations. Criminals advertise job vacancy which includes position, income, work flexibility and requirements to qualify the shortlisting. This study examines the orchestration of money mule recruitment by criminals during covid pandemic with job packages tailored to connect with victims with financial crisis. With literature research and case study techniques employed, this study was conducted as an exploratory study on the ground covid pandemic is a new phenomenon and problems have not been specifically defined. Based on the outcome of the study, criminals have been orchestrating their money mule recruitment modus operandi by tailoring attentive job packages that corresponds to financial crisis surfaced due to covid pandemic and connects the victims undoubtfully.
... As an initial report, from the first of March 2020 to the first of June 2020, 474 data breach records were added to Verizon's repository, with 36 of them being directly attributed to the COVID-19 pandemic operational shifts (Verizon, 2020a). With attacks on web applications more than doubling from the previous year, it can be expected that as more time passes and more incidents are reported on, that further attributions will be made (Ahmad, 2020;Mandal & Khan, 2020;Verizon, 2020b). Additionally, with more than a quarter of all breaches being attributed to human error and with a large number of breaches caused by stolen or brute-forced credentials, this trend can be expected to continue (Mandal & Khan, 2020;Verizon, 2020b). ...
Thesis
Full-text available
Today’s world is increasingly reliant on technology for school, work, entertainment, and general home use. Many jobs today could not be performed without the use of computer systems or other technology. As lives become intertwined with technology, everyone will inevitably encounter malicious, vulnerable, or privacy-compromising devices or services. Unfortunately, knowledge of how to deal with these cybersecurity and privacy issues is not something that falls within the domain of common knowledge for the everyday person. Additionally, there is a lack of work being done to understand the educational needs of various groups within the general public and educate them. This quantitative survey research study seeks to add to this knowledge base by looking to better understand what university students at the Southeastern Louisiana University comprehend regarding cybersecurity and privacy protection best practices and associated standard technologies. Furthermore, this work will examine whether the student’s academic major has any effect on their responses. This research examines the responses from university students to a survey using nontechnical questions in cybersecurity, privacy protection, and some standard, related technologies. The combination of answers to these questions and the major given by the student provides conclusions of what is common knowledge for the university population and if their major had any effect on their ability to answer the questions correctly. Based on 810 responses to the survey, it can be concluded that there are participants who are unsure or incorrect in their knowledge of a given idea for any of the examined subjects. Additionally, majoring in computer science or information technology results in students having an increased likelihood to answer correctly. Students in these majors do show a lower rate of providing an incorrect answer, but it does not eliminate the deficiencies. The research shows that education for all students in cybersecurity, privacy protection, and related technologies is needed. Finally, while some solutions are presented, additional research is required to educate them further.
... They may be exposing themselves to hazards that are mitigated while working at the office. Employees risk losing critical or secret info, having their information damaged, or being vulnerable to cyber hijacking while working remotely if required safeguards are not in place [6], [7]. Employee burnout might result from hybrid work [8], [9]. ...
Article
Full-text available
As the businesses recover from the COVID-19 epidemic, a new working paradigm is emerging: the hybrid work arrangement. A hybrid work method is a working approach that enables workers to work from several places, such as at home, on the move, or in the workplace. People are expressing their opinions on different social media outlets about the new work model. Organizations and businesses value public views. Because public perspectives will allow decision-makers to adapt promptly to rapidly transforming cultural, commercial, and social environments. Opinion mining is traditionally used to summarize the quantity of positive and negative responses in a given text using sentiment analysis techniques. Opinionated material from social media sites is used to identify people's enthusiasm or displeasure with a certain issue under debate. This study analyzes the public sentiments (positive, negative, and neutral) on a hybrid work model using Twitter API and the Robustly Optimized BERT Pre-training Approach (RoBERTa). Out of 1 thousand tweets containing the term "hybrid work", 37 (4.2%), 305 (33.3%), and 658 (62.5%) tweets were classified as negative, neutral, and positive, respectively. We also compared the public sentiments about hybrid work with those of remote work. The RoBERTa classified 8(1.6%), 436 (85.9 %), and 62 (12.5%) tweets as negative, neutral, and positive, respectively. The results showed that The majority of individuals showed favorable sentiment toward the hybrid work arrangement. The findings also demonstrate that "hybrid work" has an affinity with "remote work", "ai", "digital transformation" and "future of work".
... That is why organisations and businesses need to reformat their security systems and provide adequate resources to their employees who have switched to remote operations. According to Ahmad (2020), this is the reason for the growth of phishing fraud during the pandemic. Also, the author noted the importance of a rapid response to the situation, because, in the absence of action, the global damage from cybercrime could cost twice as much by the end of 2020. ...
... These companies are at risk because employees may use personal machines with outdated operating systems and applications, download applications that normally would not be allowed to be used on a corporate network, connect to insecure Wi-Fi outside their homes, browse websites that otherwise would be blocked by corporate IT, neglect data backups and so on. While these actions can expose organizations to potential attacks, organizations have limited control over employees' personal devices (Ahmad, 2020). Education (addressed in the next section), therefore, remains the key solution to undesired behaviours and practices of remote employees. ...
Preprint
Full-text available
The COVID-19 pandemic forced employees around the world to work remotely in improvised home offices that were quite unprepared as regards cybersecurity requirements. However, in future, this will become the "new normal" as more and more employees choose to exchange the drudgery of long daily commutes for the freedom to work from home. In this paper, the security risks of teleworking are considered. Interviews were conducted with a number of industry professionals and specialist cybercrime police officers to form a sense of the challenges raised by teleworking. On the basis of analysis of interview data and prior literature, a number of simple recommendations are proposed to guide organizations in devising security work-from-home (WFH) security policies.
... COVID-19 has severely affected all sectors of industry and social life. Coronavirus forces the inhabitants of the planet to stay indoors (Ahmad, 2020;Al-Dmour et al., 2020;Beaunoyer et al., 2020). COVID-19 has a clear impact on the import and export process, and this is the reason for the decrease in the freight movement of import and export of the commodity and the traffic between the continents of the globe greatly. ...
Article
Full-text available
The study aimed to shed light on the problems facing the tourism land transportation companies and to explore the impact of the pandemic on this sector. The descriptive-analytical methodology was used to carry out this study and a sample of 117 employees of the Jordanian tourism land transportation companies was selected. An electronic questionnaire was distributed via e-mail to the study sample. The results showed that the tourism land transportation sector suffers from a number of difficulties such as traffic jams, unqualified infrastructure, instability of oil derivative prices, and tourist seasonality. Results showed a negative impact of the Corona pandemic on the land tourism transportation sector, as many of the procedures taken had dire consequences on this sector. The study presented some solutions from the point of view of workers in tourist land transportation companies.
... The study recommended organisations to utilise multi-factor authentication instead of just passwords, and to rely on end-to-end encryption and virtual private networks (VPNs) for handling company data. Also the discussion in [60] outlined the many challenges and security concerns caused by the pandemic, and specifically, by the shift to remote working. The author discussed the increase in phishing scams that are preying on COVID-19 fears and panics, and how cyber-crime cost the world 6$ trillion annually by 2021. ...
Article
Full-text available
The COVID‐19 pandemic coincided with an equally‐threatening scamdemic: a global epidemic of scams and frauds. The unprecedented cybersecurity concerns emerged during the pandemic sparked a torrent of research to investigate cyber‐attacks and to propose solutions and countermeasures. Within the scamdemic, phishing was by far the most frequent type of attack. This survey paper reviews, summarises, compares and critically discusses 54 scientific studies and many reports by governmental bodies, security firms and the grey literature that investigated phishing attacks during COVID‐19, or that proposed countermeasures against them. Our analysis identifies the main characteristics of the attacks and the main scientific trends for defending against them, thus highlighting current scientific challenges and promising avenues for future research and experimentation.
Article
Full-text available
Hospitality institutions such as hotels and restaurants realize the importance of the performance of human capital in their success, development, and market position. Thus, this research is conducted to identify the factors impacting Jordan's hospitality employee performance. Therefore, Leadership, post-COVID-19 practices, Organizational Culture, and Employee Reaction to Changes is the factor that has been measured to explore their impact on employee performance. An online questionnaire was utilized and distributed to the study sample. The random sample technique was used, and 219 responses were obtained. The findings revealed that the aforementioned factors were shown to have a significant effect on the performance of employees. The findings also reveal that the new safety practices have had a significant impact on Jordanian employees' performance
Article
Purpose The current COVID-19 pandemic has already proven to be one of the world’s deadliest crises in modern history with far-reaching impacts on different sectors of the global economy. The financial sector is among the most widely affected by the economic crisis occasioned by the COVID-19 pandemic. One of the most notable effects is related to financial crime. It is against this backdrop that the present study aimed to examine the impact of COVID-19 on financial institutions with the main focus being on financial crime Design/methodology/approach Its twofold objectives were to critically examine the global emerging patterns of financial crime and their association with the COVID-19 pandemic; and to investigate how financial institutions across the world have been responding to, managing, and dealing with the emerging patterns of financial crime brought about by (or linked to) the COVID-19 pandemic. Findings It was found out that as the pandemic ravages the world and pushes people and businesses to the very limits of their endurance, many financial sector stakeholders and players are responding in ways that put the entire financial sector and all its stakeholders at great risk. Specifically, COVID-19 pandemic has led to the emergence of new patterns of financial crime that were either unheard of or were not as rampant in the past. Originality/value Both the descriptive and correlation analyses produced by this study provide new insights into the impact of COVID-19 on financial institutions with a main focus on financial crime.
ResearchGate has not been able to resolve any references for this publication.