The 2020s will be remembered as the decade that began with a global pandemic. The entire world has been affected, and significant global resources have been redirected to fight the pandemic. Some opportunistic cybercriminals have taken advantage of the pandemic environment to breach both consumer and organizations’ data. These cybercriminals are using COVID-19-themed emails as an opportunity to unleash ransomware attacks on organizations and consumers. Ransomware is a type of malware that typically threatens to publish the victim’s data or prevent the victim from accessing the data unless a ransom is paid.

According to a recent KPMG blog, current ransomware related email lures include:

• Information about vaccines, masks, and short-supply commodities like hand sanitizer.
• Financial scams offering payment of government assistance during the economic shutdown.
• Free downloads for technology solutions in high demand, such as video and audio conferencing platforms.
• Critical updates to enterprise collaboration solutions and consumer social media applications.

This paper focuses on Remote Workforce and Remote Learning as areas that cybercriminals will continue targeting in 2021 and beyond.

As employers and employees embrace remote work, there may be high risks derived from increased levels of stress and behavioral changes related to working from home. Employees who were used to structured office environments are now adjusting to working from home with distractions and even burnouts due to the inability to switch off from work-life to home-life, and the stress related to lifestyle adjustments to cope with Covid-19 guidelines. Covid-19 related anxiety and high stress levels can make remote employees vulnerable to phishing scams.

The sudden move to a remote workforce also has significant impact on IT resources and IT professionals’ workload. A survey of more than 1,600 IT professionals conducted by Ivanti revealed that the IT workload has increased since remote work was embraced. The survey revealed that 66% of IT professionals surveyed have witnessed a rise in security incidents in their remote work environment. 58% of the incidents were related to malicious emails, 45% of the incidents related to non-compliant employee behavior, and 31% were related to software vulnerabilities.

The following mitigation strategies may help reduce cybersecurity risks related to remote work.

• Education and awareness are key to cybersecurity risk mitigation. Organizations should continuously educate remote employees on the emerging threat landscape and empower them to protect themselves from cyber threats. Developing and implementing organization-wide cybersecurity best practices will help remote employees avoid falling victims to hackers’ schemes. For example, they should learn how to detect and avoid opening phishing or deceptive emails.
• Home Wi-Fi networks that employees use for remote work should be secured and protected. The cybersecurity best practices training for remote employees should also cover password protection for home Wi-Fi routers. In instances where employees need to access highly sensitive company data for work purposes, those employees should be provided with a firewall to better secure their home Wi-Fi networks.
• Remote work devices such as computers, printers and mobile phones should be secured and protected. Employers should provide and install secure VPN access, data encryption software, email content filtering and malware defense software, etc., to devices used by remote employees. These security applications should act as the first line of defense against cyber threats.
• Even though there is a level of trust in the environment where employees work from home since everybody around them is familiar and trusted, employees should still strictly follow their company’s internet and computer usage policies, and security guidelines provided by their employers.
• Remote employees should follow password and login policies to protect their information. Work passwords and other login credentials should not be shared with members of the family or household.

Covid-19 forced schools to develop a hybrid learning system incorporating remote learning and in-school learning. The remote learning environment has led to schools and students being exposed to higher levels of cybersecurity risks. According to The US Government’s Cybersecurity and Infrastructure Security Agency (CISA), malicious cyber actors have been targeting school computer systems, slowing access, and rendering the systems inaccessible to remote learning. In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a huge amount of ransom.

As schools’ IT resources are constrained due to deployment of remote learning technologies and resources, cybercriminals have intensified their attacks on the schools.  Last September, Miami-Dade County Public Schools’ (M-DCPS) virtual learning platform was brought down by Distributed Denial-of-Service cyber (DDoS) attacks that overwhelmed its network. During the same month, attacks were unleashed on three other school districts: (i) ransomware hackers breached Fairfax County Public Schools’ computer system which serves almost 190,000 students in Northern Virginia, (ii) a separate ransomware attack was unleashed on Haywood County Schools systems in North Carolina, and (iii) Hartford Public Schools’ 18,000 students were affected when the Connecticut school district had to postpone learning due to a ransomware attack.

According to Bloomberg, 57% of ransomware attacks reported in August and September last year targeted K12 schools.

The following are preferred methods of cyberattacks that cybercriminals like to deploy against schools and or school districts.

1. Distributed Denial-of-Service (DDoS) attacks continuously bombard a web site, server or app with a lot of information that prevents other users and systems from connecting and accessing the data they need.
2. Ransomware attacks such as those highlighted above are designed to extort money in the form of a ransom payment from the victims. Under ransomware attacks, the hackers will typically threaten to expose sensitive student and teacher data or shut down remote learning resources until ransom is paid.
3. Video Tele Conferencing (VTC) Disruption occurs when hackers hijack video calls during online learning and then post inappropriate messages and pornographic images. The deep trauma caused by this method of attack to students and teachers may take a long time to heal.

• Emphasis on Security Awareness Training (SAT) to teach students, teachers, and parents to be aware of potential threats and techniques such as email phishing and VTC disruption that cybercriminals use.
• Schools and school districts should institute a policy requiring multi-factor authentication (MFA) for all devices connecting to the schools’ network resources and applications, including teachers and students email accounts.
• Remote learning creates new data and potential risks of data loss. Schools and school districts should implement secure data backup systems in the cloud (offsite) to prevent data loss when the main data storage is compromised.
• Schools and school districts should consider implementing network segmentation and network redundancy as part of their incident response plan to counter cyberattacks, e.g. DDoS attack. Network redundancy will ensure network availability and decrease risk of failure while network segmentation breaks up the network into different segments that are protected by firewalls while limiting potential criminals’ visibility into the entire network and network assets.
• Home Wi-Fi networks that parents, students, and teachers use for remote learning should be secured and protected. The home Wi-Fi network can be protected using a strong password, enabling wireless network encryption, turning on the wireless router’s firewall, and using VPN to access to the internet, etc.
• For video conferences, schools should require passwords for sessions, recommend that students not share passwords, require students to use their real names and not aliases, and take a rollcall to ensure that only invited guests are in the video conference room.

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine. Subscribe here.