As millions of people work from home during the COVID-19 pandemic, their homes are quickly becoming the new battleground for hackers to access sensitive business information.
That’s the consensus of legal cybersecurity experts who addressed the risks faced by high net-worth or high-profile individuals during a remote CLE hosted in the fall by Thompson Coburn.
The panel of speakers included Jim Shreve, the Chicago-based chair of the firm’s cybersecurity group, Luke Sosnicki, a Los Angeles-based partner for the firm, and Chris Pierson, founder and CEO of BlackCloak, a Florida-based cybersecurity company serving high net-worth individuals and corporate executives.
Shreve said cybercrime is so prevalent because it’s lucrative, with a value anticipated to reach $6 trillion in 2021.
“That’s an astounding amount. That’s bigger than the GDP of many countries, and it’s growing significantly every year,” he said.
Since 2013, an estimated 15 billion data records have been stolen, and businesses have lost as much as $26 billion due to email compromises since 2013, Shreve said.
And those numbers are pre-COVID-19, “when everyone was in a hardened environment, everyone was in the four walls of the company, not relying on home cybersecurity or lack thereof,” Pierson noted.
“It’s going to be even worse,” as a result of the pandemic, he said.
Sosnicki said the conversation about protecting high-profile individuals from cybersecurity threats is especially important given the potential financial impact. Most high-profile individuals are also business people, he said.
“High-profile individuals have a long list of business interests,” he said. “ . . . It’s very rare that these individuals separate their personal lives from their business lives to the extent that would actually protect their business information from the types of threats we’re discussing.”
Data breaches could result in litigation, he said, especially if confidentiality obligations for business deals are breached. Breaches could also result in increased regulatory scrutiny, he said.
The panel identified phishing and ransomware — a type of malware that holds one’s technology or data for ransom — as some of the top risks that individuals face, both in their personal and professional capacities.
Pierson also noted that high-profile individuals’ homes also pose a security risk. While they may invest in technology in the home, they might not consider securing that technology, he said.
“Every single item in the home is a potential attack vector for that high-profile individual and also for the company,” he said, offering an example of a corporate executive who brings company work to an unsecured home Wi-Fi network, which could be virus-laden.
“It’s a dirty network. It absolutely can be a vector of attack for a company, for a corporation,” he said. “The cameras, the router, home automation — these are all ways in.”
Pierson said individuals should secure and patch their routers and use strong Wi-Fi passwords. They also should scan their home networks weekly to make sure there are no vulnerabilities.
Smart appliances offer additional points of entry for hackers, and wealthy individuals especially are fans of internet-connected devices, such as smart washing machines or smart TVs, Pierson said.
During the pandemic, the home has become “the new battleground, the new battlefield for cybersecurity as it relates to these high-profile persons,” he said.
In addition to ensuring their home networks are safe, high-profile individuals should use multifactor authentication to protect their accounts online, panelists said.
Shreve also encouraged such individuals to keep their corporate work separate from their personal lives, and to avoid reusing passwords.
He pointed to the 2012 data breach of LinkedIn, which exposed millions of users’ passwords. He said individuals whose passwords were dumped online from that breach still are experiencing problems as a result.
“It’s amazing, but years later, people can still use that information,” he said. “Make sure you’re not reusing passwords for your corporate accounts as for your personal accounts.”