75 million people are working from home, increasing their chances of getting hacked

Millions of Americans in this spell of global coronavirus have holed up to work from home, many using their own computers to connect to business networks.

This can create an opening for criminals who want to exploit computer technology to obtain personal and company information. That also sets up an opportunity for security units and information technology teams to prove their defensive prowess.

“I do think that the bad guys are taking advantage of the situation,” said Andrea Childress, chief information officer at the University of Nebraska at Kearney. “The scammers are increasing and ramping up.”

Information technology companies such as Lincoln-based Five Nines and LightEdge of Des Moines say they are in demand. Blaine Kahle, Five Nines’ director of engineering, said 80% of his company’s clients have requested assistance with work from home, and the company had about 10 inquiries from potential customers in the last week.

LightEdge provides data storage, training, computer security and other services for health care entities, banks, credit unions and manufacturers. “We are incredibly busy at this time,” chief security officer Michael Hannan said.

Working on a home computer can open new ways for scammers, attackers and hackers to deceive users or get into a business network. Home computers don’t necessarily have all of the protections that a machine in the workplace would have.

The bad guys want to obtain information, such as Social Security and credit card numbers. Sometimes they want to pilfer intellectual property from companies. Some hope to shut down business systems so they can get a ransom.

Companies and city governments have been known to pay a ransom of at least several thousand dollars to regain access to their networks, Hannan said. “We don’t recommend that at all.”

These bad actors are not schlubs simply goofing around with their computers. “They are really good at what they’re doing,” said Jeff Weeks, chief information security officer for First National Bank of Omaha. “They’ve found a new target to exploit.”

That target is new at-home workers whose companies or users have hastily set them up for work, Weeks said. “That’s what they’re looking for.”

Doug Rausch, director of Bellevue University’s security program, said connecting leisure computers at home with business systems can make those systems vulnerable to viruses that might be on the home computer. The viruses can enable the hacker to access company networks and lock up portions of those networks, Rausch said.

Kate Lister, president of San Diego-based consulting firm Global Workplace Analytics, estimated that the pandemic will compel 75 million Americans to work from home, 55% of the workforce that isn’t self-employed.

Weeks said the intruders are called “black hats,” and many are based in Russia, China, North Korea and Iran.

“They’re a lot better today than they were five years ago,” he said. “It’s a cat and mouse game between the good guys and the bad guys, but I know at First National, we take it very seriously. It doesn’t keep me awake as much as it used to.”

Weeks said more than 95% of First National’s 4,800 staffers are working from home now, up from 10%. But those employees who have been working from home for years have helped First National build a security system that reliably covers home workers, he said.

First National employees Kaelin and Matt Schilling, a young married couple, have spent two weeks working from their apartment downtown. Besides briefly having to share a laptop and feeling cramped before they fashioned their own office niches, the transition has been OK.

It took 4½ hours working remotely with bank technical support to get Kaelin Schilling’s new laptop hooked up and ready for work. But the support staffer was patient and efficient, she said.

The couple are able to eat lunch and take afternoon walks together, so this period has had its pluses, not just its oddities. “So far, so good,” Matt Schilling said.

Michael Lechtenberger, chief information officer for Mutual of Omaha, said his company has close to 5,000 employees working from home now. That’s 90% of the company’s workforce.

Matthew Hale, associate professor of security at the University of Nebraska at Omaha, said computer users can thwart many of those with bad intentions by adhering to a simple rule. “I think people just need to be careful about who they trust,” Hale said.

First National’s Weeks said his company’s system has seven layers of intrusion prevention. Hackers don’t want to spend their time trying to break into a well-defended network, he said.

Rather, he said, they will move on to an easier target.

One defense strategy calls for the user to verify his identification through more than a user name and password, a method called multifactor authentication.

Weeks said the home worker needs up-to-date equipment with antivirus software and the latest security patches. He said First National can make sure remotely that the home computer is set up well before allowing that worker to get started.

First National employs 450 info technology employees, he said, and 42 more in security. Among those are six who sometimes present themselves on the Internet as hackers to infiltrate criminal computer organizations, he said.

No one, however, uses the word “impenetrable.”

“There’s vulnerabilities in virtually any type of system,” Mutual’s Lechtenberger said.

Gary Sparks teaches mainly security courses at Metro Community College and Bellevue University.

“One of the concepts we want them to learn is to think like the attacker,” he said. Both defenders and attackers constantly improve and adapt to keep pace with their rivals.

“When you talk about security, there is nothing that is totally secure,” said Sparks, program director of Metro’s security center. “If it’s created by a human, it can be circumvented by a human.”