No personal meetings, no coffee break together, alone in front of the screen - the corona pandemic has changed everyday life for many employees. Even criminals have long since adapted to the new world of work - for many in the home office.
Opportunities open up for them. The biggest point of attack: people. In March, according to the IT industry association Bitkom, every second employee went completely or at least partially to the home office. This posed technical challenges for companies: instead of working at the service computer in the company network, their employees suddenly sat at home, many in the private network.
"From a purely technical point of view, home offices open gateways where there weren't any before," says Arwid Zang, managing director of the IT security platform Greenhats in Weimar in central Hesse. Security-conscious companies have such gateways regularly viewed and secured from the outside Employees were unsettled anyway. "Humans, on the other hand, were already a risk before, but now you have even more opportunities to catch them on the wrong foot in the home office," explains Zang.
Employees would now be constantly confronted with innovations. Therefore they questioned changes less. "You can also take advantage of fears and write emails that look like messages from the authorities, for example on the subject of short-time work benefits."
A classic among the scams is phishing, the tapping of data such as passwords through fake emails. Other fraudsters don't use malware: "I don't fake email, I fake a company," says Zang. This happens, for example, with an Internet address - similar to the company name, perhaps with a different ending such as ".eu". The employees would then receive an email instructing them to log into the supposed company portal. If someone falls for it, the hacker has his data.
The fact that cybercriminals react quickly to socially relevant issues is also stated by the Federal Office for Information Security in its new report "The State of IT Security in Germany 2020". The federal government warned in the summer that the increased use of online communication due to the corona would lead to more cyber attacks.
"In principle, the increased home office increases the chances of attack and, in some cases, improves the chances of attack," says Sebastian Wolf, spokesman for the Hessian State Criminal Police Office. Social engineering - that is, social manipulation - becomes easier in the course of spatial separation. However, the first wave of home offices did not lead to an increase in the number of cases of cyber attacks in the home office.
According to business and professional associations, however, companies usually remain silent about hacker attacks because they fear that their customers will lose their trust. "The stigmatization of affected companies is still a problem," explains Sebastian Artz, IT security officer at Bitkom. Immediately after the corona shock, it was important for the companies to maintain their core business processes.
Now the focus must increasingly turn towards IT security. What is needed is a "balance between user-friendly access to company data from the home office and appropriate protection of the IT infrastructure". That would be a two-factor authentication - for example, checking the login data entered via smartphone.
Green hats recommend simulated hacker attacks at irregular intervals, also to train employees. A criminal method of making money from company data is through the use of ransomware. Sensitive data is encrypted and the company is supposed to pay a ransom for access.
"There have been a lot of automated attacks with encryption Trojans in the past year," says Zang.
With the end of the pandemic, the challenges for companies are not getting any smaller, as Bitkom expert Artz says:
"It will be interesting when employees return to the office. Companies should already think about how this can be prevented possibly infected devices and data before they are brought into the company network. "
Brilliant one