Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Emerging COVID-19 threat landscape: Remote workforce and remote learning

By James Opiyo
ransomware cyber freepik
June 3, 2021

The 2020s will be remembered as the decade that began with a global pandemic. The entire world has been affected, and significant global resources have been redirected to fight the pandemic. Some opportunistic cybercriminals have taken advantage of the pandemic environment to breach both consumer and organizations’ data. These cybercriminals are using COVID-19-themed emails as an opportunity to unleash ransomware attacks on organizations and consumers. Ransomware is a type of malware that typically threatens to publish the victim’s data or prevent the victim from accessing the data unless a ransom is paid.

According to a recent KPMG blog, current ransomware related email lures include:

  • Information about vaccines, masks, and short-supply commodities like hand sanitizer.
  • Financial scams offering payment of government assistance during the economic shutdown.
  • Free downloads for technology solutions in high demand, such as video and audio conferencing platforms.
  • Critical updates to enterprise collaboration solutions and consumer social media applications.

This paper focuses on Remote Workforce and Remote Learning as areas that cybercriminals will continue targeting in 2021 and beyond.

Remote Workforce

As employers and employees embrace remote work, there may be high risks derived from increased levels of stress and behavioral changes related to working from home. Employees who were used to structured office environments are now adjusting to working from home with distractions and even burnouts due to the inability to switch off from work-life to home-life, and the stress related to lifestyle adjustments to cope with Covid-19 guidelines. Covid-19 related anxiety and high stress levels can make remote employees vulnerable to phishing scams.

The sudden move to a remote workforce also has significant impact on IT resources and IT professionals’ workload. A survey of more than 1,600 IT professionals conducted by Ivanti revealed that the IT workload has increased since remote work was embraced. The survey revealed that 66% of IT professionals surveyed have witnessed a rise in security incidents in their remote work environment. 58% of the incidents were related to malicious emails, 45% of the incidents related to non-compliant employee behavior, and 31% were related to software vulnerabilities.

 

Mitigation Strategies

The following mitigation strategies may help reduce cybersecurity risks related to remote work.

  • Education and awareness are key to cybersecurity risk mitigation. Organizations should continuously educate remote employees on the emerging threat landscape and empower them to protect themselves from cyber threats. Developing and implementing organization-wide cybersecurity best practices will help remote employees avoid falling victims to hackers’ schemes. For example, they should learn how to detect and avoid opening phishing or deceptive emails.
  • Home Wi-Fi networks that employees use for remote work should be secured and protected. The cybersecurity best practices training for remote employees should also cover password protection for home Wi-Fi routers. In instances where employees need to access highly sensitive company data for work purposes, those employees should be provided with a firewall to better secure their home Wi-Fi networks.
  • Remote work devices such as computers, printers and mobile phones should be secured and protected. Employers should provide and install secure VPN access, data encryption software, email content filtering and malware defense software, etc., to devices used by remote employees. These security applications should act as the first line of defense against cyber threats.
  • Even though there is a level of trust in the environment where employees work from home since everybody around them is familiar and trusted, employees should still strictly follow their company’s internet and computer usage policies, and security guidelines provided by their employers.
  • Remote employees should follow password and login policies to protect their information. Work passwords and other login credentials should not be shared with members of the family or household.

Remote Learning

Covid-19 forced schools to develop a hybrid learning system incorporating remote learning and in-school learning. The remote learning environment has led to schools and students being exposed to higher levels of cybersecurity risks. According to The US Government’s Cybersecurity and Infrastructure Security Agency (CISA), malicious cyber actors have been targeting school computer systems, slowing access, and rendering the systems inaccessible to remote learning. In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a huge amount of ransom.

As schools’ IT resources are constrained due to deployment of remote learning technologies and resources, cybercriminals have intensified their attacks on the schools.  Last September, Miami-Dade County Public Schools’ (M-DCPS) virtual learning platform was brought down by Distributed Denial-of-Service cyber (DDoS) attacks that overwhelmed its network. During the same month, attacks were unleashed on three other school districts: (i) ransomware hackers breached Fairfax County Public Schools’ computer system which serves almost 190,000 students in Northern Virginia, (ii) a separate ransomware attack was unleashed on Haywood County Schools systems in North Carolina, and (iii) Hartford Public Schools’ 18,000 students were affected when the Connecticut school district had to postpone learning due to a ransomware attack.

According to Bloomberg, 57% of ransomware attacks reported in August and September last year targeted K12 schools.

The following are preferred methods of cyberattacks that cybercriminals like to deploy against schools and or school districts.

  1. Distributed Denial-of-Service (DDoS) attacks continuously bombard a web site, server or app with a lot of information that prevents other users and systems from connecting and accessing the data they need.
  2. Ransomware attacks such as those highlighted above are designed to extort money in the form of a ransom payment from the victims. Under ransomware attacks, the hackers will typically threaten to expose sensitive student and teacher data or shut down remote learning resources until ransom is paid.
  3. Video Tele Conferencing (VTC) Disruption occurs when hackers hijack video calls during online learning and then post inappropriate messages and pornographic images. The deep trauma caused by this method of attack to students and teachers may take a long time to heal.

Mitigation Strategies

  • Emphasis on Security Awareness Training (SAT) to teach students, teachers, and parents to be aware of potential threats and techniques such as email phishing and VTC disruption that cybercriminals use.
  • Schools and school districts should institute a policy requiring multi-factor authentication (MFA) for all devices connecting to the schools’ network resources and applications, including teachers and students email accounts.
  • Remote learning creates new data and potential risks of data loss. Schools and school districts should implement secure data backup systems in the cloud (offsite) to prevent data loss when the main data storage is compromised.
  • Schools and school districts should consider implementing network segmentation and network redundancy as part of their incident response plan to counter cyberattacks, e.g. DDoS attack. Network redundancy will ensure network availability and decrease risk of failure while network segmentation breaks up the network into different segments that are protected by firewalls while limiting potential criminals’ visibility into the entire network and network assets.
  • Home Wi-Fi networks that parents, students, and teachers use for remote learning should be secured and protected. The home Wi-Fi network can be protected using a strong password, enabling wireless network encryption, turning on the wireless router’s firewall, and using VPN to access to the internet, etc.
  • For video conferences, schools should require passwords for sessions, recommend that students not share passwords, require students to use their real names and not aliases, and take a rollcall to ensure that only invited guests are in the video conference room.

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine. Subscribe here.

KEYWORDS: cyber security ransomware remote learning remote work risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

James opiyo

James Opiyo is a Senior Consultant for Security Strategy at Kinetic by Windstream. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Virus Detected

    Increasing Cybersecurity Gaps and Vulnerabilities due to Remote Work During COVID-19

    See More
  • cybersecurity

    How to enforce security protocols when your workforce has gone remote

    See More
  • schools remote learning

    Schools, here’s how to stay cyber-safe in the age of remote learning

    See More

Events

View AllSubmit An Event
  • August 27, 2025

    Risk Mitigation as a Competitive Edge

    In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing