TechDigits

Tech news
Friday, Mar 29, 2024

Cybercrime lurks as biggest work-from-home experiment puts state, corporate secrets in peril

Staff working at home or connected to public Wi-fi networks are more likely to be hacked, security analysts. Hong Kong weathered first month of working-from-home regime without any noticeable rise in cybercrime, according to privacy commissioner

Go to a coffee shop in Hong Kong and you will see office workers wearing masks to protect themselves from catching the new coronavirus, connecting to public Wi-fi and shuffling through papers downloaded from their office servers.

While that may be a common sight after the biggest shift in work culture ever, the risk from another form of attack has remained constant over time: cybercrime.

From stock traders to civil servants, more employees are handling confidential information off-site globally under less robust security safeguards as the viral outbreak brought on the biggest work-from-home experiment in decades. That poses a risk to governments and businesses who were not fully prepared for the shift on such a scale, security analysts say.

“I’ve seen a lot of individuals over the last few weeks working in coffee shops, using public Wi-fi,” Stuart Witchell, a managing director at risk consultancy firm Berkeley Research Group, said in an interview. “Data is obviously more vulnerable outside the corporate environment.”

More than 60 per cent of companies in major Chinese cities have not reopened offices since the Lunar New Year holiday, allowing employees in the world’s second-largest economy to work remotely from home, according to statistics from Baidu, which operates China’s biggest search engine.

The government of Hong Kong has been encouraging some of its 176,000 civil servants and private companies to work remotely to help contain the virus, while guarding against hackers.

“Fraud attempts are certainly up, especially with many more finance persons working from home with less than ideal technology or no secure connectivity,” Steve Vickers, chief executive of Steve Vickers & Associates, a specialist political and corporate risk consultancy based in Hong Kong.

While work-from-home is nothing new in the US, it is less common across Asia. This made the abrupt and urgent need to organise staff working from home en masse that much more difficult, said Sean Chen, director of strategy in Hong Kong at Blackpeak, an investigative research firm.

“Face-time is more important in Asia’s work culture,” said Chen, who grew up in Taiwan and has worked in Washington, Beijing and Shanghai. Accessing data from home leaves them vulnerable, especially as IT help desk professionals are responding less quickly to off-site threats, he added.

Even if Hongkongers have experienced working from home during the anti-government protests last year or even as far back as 2003 during the Sars (severe acute respiratory syndrome) outbreak, the current exercise across Asia is unprecedented in its magnitude.

As a result, the IT systems may struggle to cope with the extra load, some experts say. Moving large amounts of confidential data into drop boxes to overcome system bottlenecks can be detrimental, said Vickers.

“Many systems, whilst apparently technically sound, were never designed for the very significant numbers of additional users and the protracted periods involved,” he said. “This is dangerous and may lead to significant data loss or fraud” despite the good intentions, he added.

Staff without access externally to data on their company’s cloud may download data from a server onto potentially vulnerable personal devices, or print out hard copies of documents and carry them off-site, said Witchell of Berkeley Research.

To be sure, the Hong Kong government has not received any reports on data leakage from government departments during the past one month, according to a spokeswoman for its Chief Information Officer. Workers use secure communications channels and are trained in cybersecurity, she added.

The Hong Kong Monetary Authority said it has not observed increased threats of cyberattacks targeting banks, nor received any reports about customer data leakage resulting from banks’ work-from-home arrangements, a spokeswoman said.

Another high-risk group is stock brokers. Many investment banks are splitting trading teams into two, with one group working from the office and another from home, according to traders contacted by the Post.

“In today’s advanced tech environment, it should not be a problem for traders to work from home,” said Brock Silvers, managing director at Adamas Asset Management. “It may not be optimal for longer-term business purposes, but it should work from a compliance standpoint.”

Hong Kong’s Office of the Privacy Commissioner for Personal Data (PCPD) has received 10 notifications on data breach between January 29 and February 26, it said. One of them is related to cybercrime. It also received two complaints relating to cybercrime or loss of data.

These figures, however, do not represent a significant leap in data loss, it said.

“Hackers are watching every pitfall in mobile devices or Wi-fi connection to steal personal data or sensitive data,” said Stephen Wong Kai-yi, who oversees the PCPD office. The first line of defence may just be a routine change of Wi-fi password and proper antivirus and malware software, he added.

Many international firms with offices in Asia have robust data encryption in place. The weaker links in the chain, however, are likely among the smaller, local businesses, said risk analysts. Using social media apps such as WhatsApp or WeChat could produce untold damage, analysts warn.

“You do not know who is pinging what,” said Chen of Blackpeak. “Companies wouldn’t want employees to send each other documents via social media – that is not part of normal procedures.”

With workers gradually drifting back to the office as the number of new coronavirus cases ebbs in mainland China, lessons can be learned from the experiment as long term, the working from home trend gains traction as part of business continuity plans.

Best practice would be for companies to store data on the cloud and allow staff to access it externally, according to data security consultants. They should have protocols in place for working remotely and train staff regularly on them, as well as staying out of public Wi-fi networks. Still, it is hard to protect against human error, said Witchell of Berkeley Research.

“Once people start bringing laptops home, inevitably they leave them on the bus or train,” he said.

Newsletter

Related Articles

TechDigits
0:00
0:00
Close
FTX's Bankman-Fried headed for jail after judge revokes bail
America's First New Nuclear Reactor in Nearly Seven Years Begins Operations
Southeast Asia moves closer to economic unity with new regional payments system
Today Hunter Biden’s best friend and business associate, Devon Archer, testified that Joe Biden met in Georgetown with Russian Moscow Mayor's Wife Yelena Baturina who later paid Hunter Biden $3.5 million in so called “consulting fees”
Google testing journalism AI. We are doing it already 2 years, and without Google biased propoganda and manipulated censorship
Musk announces Twitter name and logo change to X.com
The future of sports
TikTok Takes On Spotify And Apple, Launches Own Music Service
Hacktivist Collective Anonymous Launches 'Project Disclosure' to Unearth Information on UFOs and ETIs
Typo sends millions of US military emails to Russian ally Mali
Server Arrested For Theft After Refusing To Pay A Table's $100 Restaurant Bill When They Dined & Dashed
Democracy not: EU's Digital Commissioner Considers Shutting Down Social Media Platforms Amid Social Unrest
Sarah Silverman and Renowned Authors Lodge Copyright Infringement Case Against OpenAI and Meta
Why Do Tech Executives Support Kennedy Jr.?
The New York Times Announces Closure of its Sports Section in Favor of The Athletic
Florida Attorney General requests Meta CEO's testimony on company's platforms' alleged facilitation of illicit activities
The Poor Man With Money, Mark Zuckerberg, Unveils Twitter Replica with Heavy-Handed Censorship: A New Low in Innovation?
The Double-Edged Sword of AI: AI is linked to layoffs in industry that created it
US Sanctions on China's Chip Industry Backfire, Prompting Self-Inflicted Blowback
Meta Copy Twitter with New App, Threads
BlackRock Bitcoin ETF Application Refiled, Naming Coinbase as ‘Surveillance-Sharing’ Partner
UK Crypto and Stablecoin Regulations Become Law as Royal Assent is Granted
A Delaware city wants to let businesses vote in its elections
Alef Aeronautics Achieves Historic Milestone with Flight Certification for World's First Flying Car
Google Blocked Access to Canadian News in Response to New Legislation
French Politicians Advocate for Pan-European Regulation on Social Media Influencers
Melinda French Gates Advocates for Increased Female Representation in AI to Prevent Bias
Snapchat+ gains 4 million paying subscribers in its first year
Apple Makes History as the First Public Company Valued at $3 Trillion
Elon Musk Implements Twitter Limits to Tackle Data Scraping, but Faces Criticism for Technical Misunderstanding
EU and UK's Slow Electric Vehicle Adoption Raises Questions About the Transition to Green Mobility
Top Companies Express Concerns Over Europe's Proposed AI Law, Citing Competitiveness and Investment Risks
Meta Unveils Insights on AI Usage in Facebook and Instagram, Amid Growing Calls for Transparency
Crypto Scams Against Seniors Soar by 78% in 2022, Experts Urge Vigilance
The End of an Era: National Geographic Dismisses Last of Its Staff Writers
Shield Your Wallet: The Perils of Wireless Credit Card Theft
Harvard Scientist Who Studies Honesty Accused Of Data Fraud, Put On Leave
Putting an End to the Subscription Snare: The Battle Against Unwitting Commitments
The Legal Perils of AI: Lawyer Faces Sanctions for Relying on Fictional Cases Generated by Chatbot
ChatGPT’s "Grandma Exploit": Ingenious Hack Exposes Loophole in AI, Generates Free Software Codes
The Disney Downturn: A Near Billion-Dollar Box Office Blow for the House of Mouse
A Digital Showdown: Canada Challenges Tech Giants with The Online News Act, Meta Strikes Back
Distress in the Depths: Submersible and Passengers Missing in Titanic Wreckage Expedition
Mark Zuckerberg stealing another idea: Twitter
European Union's AI Regulations Risk Self-Sabotage, Cautions smart and brave Venture Capitalist Joe Lonsdale
Nvidia GPUs are so hard to get that rich venture capitalists are buying them for the startups they invest in
Chinese car exports surge
Reddit Blackout: Thousands of Communities Protest "Ludicrous" Pricing Changes
Nvidia Joins Tech Giants as First Chipmaker to Reach $1 Trillion Valuation
AI ‘extinction’ should be same priority as nuclear war – experts
×