Sarasota, FL – Cybercrime has exploded since the pandemic began. Research shows there’s been a 400 percent increase in the past year. Whether it’s crimes related to government assistance — such as stimulus checks or PPP loans, identity theft or phishing scams, bad actors are stressing out employees and employers alike.
Increased attacks on home computers and networks are expected to continue this year, as employees continuing to work remotely. Experts say it’s time for employers to add cyber wellness to programs aimed at keeping workers safe and healthy.
“When we think about how much activity we conduct online — and this is meaningful activity; we are managing our finances online, we are socializing online, kids are living their lives online, we shop online, we manage our home security systems online,” said David Siefert, VP of Cyber Wellness Solutions at Aura Identity Guard. “All of this activity combined very much can and does have an impact on financial wellness, leading to mental wellness, leading to physical wellness.”
While physical and mental wellness programs have been a part of total employee wellness programs for some time, financial wellness has recently been added to the mix. The idea of cyber wellbeing follows closely with financial concerns.
“Financial wellness has really hit the map in the last number of years and has become very commonplace,” Seifert said. “It’s interesting, years ago, employers would never consider a program focusing on individual finances. Nowadays that is commonplace.”
Student loan debt, increasing healthcare costs and lack of preparation for retirement are among the factors driving financial concerns. Research shows 59 percent of employees are more stressed about their finances than any other issues. About half of employers have responded by offering financial wellness programs.
The increase in cyber crimes, the new work-from-reality, and the fact that we are more digitally connected than ever have driven concerns of cyber security to the forefront. Statistics bear out the reasons for the anxiety.
In addition to a 400 percent increase in cybercrimes, there has been a 71 percent increase in malware attacks on mobile devices. And nearly half of people surveyed are concerned about the cyber security risks they are opening themselves up to at home.
In polls conducted by Gallop and other institutions people said the number one crime that concerns them as individuals was fear that hackers will access their personal or financial information. Second on the list was identify theft, in addition to having their homes or cars broken into.
“So there’s this constant kind of underlying anxiety, although it doesn’t drive human behavior everyday, but it’s always on people’s minds,” Siefert said. And the fact that we do spend seven hours a day online just leaves more opportunity, and therefore we need more protection.”
Fears of cyber attacks carry over to employers, as many workers say they use their personal computers and mobile devices for work operations.
Some employers have responded. Forty percent offer traditional identity theft protection programs, “which is great and it’s a very good first step,” Siefert added. “But identity theft protection alone isn’t enough because identity theft is typically reactive in nature. Really a cyber wellness program needs to be proactive in nature. It needs to stop attempts of cyber crimes before they can occur. Protecting devices, protecting networks, removing data online where it should not be.”
Types of Attacks
Cybercrimes related to government assistance programs are among the most troublesome — for employees and employers. Unemployment claims fraud, for example, has seen a nearly 600 percent increase during the pandemic. In this crime, perpetrators file for unemployment claims using another person’s identity. Employees may only learn of this when they receive a notice from the government, such as a tax form, since unemployment is taxable. In some cases, employers receive notices that ‘an employee’ has filed for unemployment insurance, while no such person exists within the company. The organization is then forced to spend time and money to resolve the issue.
“Stimulus fraud is a new type of fraud,” said Eva Velasquez, President/CEO of Identity Theft Resource Center. “There was a big spike in May, then it tapered off. But this is ongoing … in January with a new round of funding we’ve seen another spike.”
The increase in remote work has led to more cyber crimes. For example, workers may click on a link within an email that contains a virus, and it affects the entire system. Or an email that appears to be from a supervisor requesting sensitive information is actually from a bad actor.
“Are more phishing attacks aimed at remote workers?” Valesquez asked. “Yes, because there are more remote workers. Phishing and business email is the number one threat factor.”
Through employee training and additional resources employees can protect themselves — and their organizations. “Consumer behavior is the driving force behind these events,” Valesquez said. “As consumer behavior, it can be changed.”
The increase in cyber crimes is expected to continue through 2021, the speakers said. Therefore, it behooves organizations to invest in cyber wellness, for the sake of their workers and their companies.
“The more that employees are engaged in their personal cyber wellbeing, the more engaged they’re going to be at minimum with company security,” Seifert said. “Employees can be your best front-line defenders. It helps them be those stewards of security.”
Education and training are key to cyber security. For example, having clear policies about what a legitimate request from management looks like, how it should be handled and where to go with questions.
“People often mistakenly think of cyber security as the IT department and just don’t recognize the role individuals have in protecting themselves and their organizations,” Valesquez said. “For example, a laptop is in car, and it or the car is stolen. How that laptop is protected and configured and encrypted – those can be addressed by training and policies and make a big difference in whether that data is accessible.”
“Protecting personal devices and personal WIFI networks,” is another, Seifert said. “It’s not about interrupting or changing company cyber security, this is about personal devices. Having a personal VPN encrypt and protect all communications and data when we’re hopping on the WIFI at the airport. Having safe browsing tools and anti-virus on our devices that is preventively stopping an attempt from identity theft before it can occur.”
With such knowledge employees can protect valuable information from being stolen, whether their own or their companies’. Home title theft, for example, is one of the largest growing white-collar crimes, though many people are unaware of it. “This is that type of event that is very overwhelming because it is so extreme in terms of what they’re going to have to do to resolve this,” Seifert said.
“It’s not just financial data, or your standard identity credentials that is valuable,” Valesquez said. “So, if you think, ‘my workers don’t have anything of value,’ really? Do they have a G-mail account? Social media accounts? Look at how much more valuable those accounts are than just a closed Master Card. Because we know people are using their personal devices for work – those personal accounts are on those devices. It opens up an entirely new set of vulnerabilities. It’s about the valuable data and how identity has expanded.”