Expert: Home is ‘new battleground’ for cybersecurity

ST. LOUIS, MO — As millions of people work from home during the COVID-19 pandemic, their homes are quickly becoming the new battleground with hackers who seek to access their sensitive information, cybersecurity experts warn.

On Sept. 30, Thompson Coburn hosted a remote CLE on cybersecurity focused on the risks faced by high-net-worth or high-profile individuals.

The panel of speakers included Jim Shreve, the Chicago-based chair of the firm’s cybersecurity group, Luke Sosnicki, a Los Angeles-based partner for the firm, and Chris Pierson, founder and CEO of BlackCloak, a Florida-based cybersecurity company serving high-net-worth individuals and corporate executives.

Shreve said cybercrime is so prevalent because it’s lucrative, with an anticipated value of as much as $6 trillion in 2021.

“That’s an astounding amount. That’s bigger than the GDP of many countries, and it’s growing significantly every year,” he said.

Since 2013, an estimated 15 billion data records have been stolen, and businesses have lost as much as $26 billion from losses due to compromised business email, Shreve said.

Pierson pointed out that those numbers predate COVID-19, “when everyone was in a hardened environment, everyone was in the four walls of the company, not relying on home cybersecurity or lack thereof.”

“It’s going to be even worse,” as a result of the pandemic, he said.

Sosnicki said the conversation about protecting high-profile individuals from cybersecurity threats is especially important given the potential financial impact. Most high-profile individuals are also business people, he said.

“High-profile individuals have a long list of business interests,” he said. “ . . . It’s very rare that these individuals separate their personal lives from their business lives to the extent that would actually protect their business information from the types of threats we’re discussing.”

Data breaches could result in litigation, he said, especially if confidentiality obligations for business deals are breached. Breaches also could result in increased regulatory scrutiny, he said.

The panel identified phishing and ransomware — a type of malware that holds one’s technology or data for ransom — as some of the top risks that individuals face in both their personal and professional capacities.

Pierson also noted that high-profile individuals’ homes pose potential security risks. While those individuals may invest in technology in the home, they might not consider securing that technology, he said.

“Every single item in the home is a potential attack vector for that high-profile individual and also for the company,” he said, offering an example of a corporate executive who brings company work home, then uses an unsecured home Wi-Fi network that may be virus-laden.

“It’s a dirty network. It absolutely can be a vector of attack for a company, for a corporation,” he said. “The cameras, the router, home automation — these are all ways in.”

Pierson said individuals should secure and patch their routers and use strong Wi-Fi passwords.

They also should scan their home networks weekly to make sure there are no vulnerabilities.

Smart appliances offer additional points of entry for hackers, and wealthy individuals especially are fans of internet-connected devices, such as smart washing machines or smart TVs, Pierson noted.

During the pandemic, the home has become “the new battleground, the new battlefield for cybersecurity as it relates to these high-profile persons,” he said.

In addition to ensuring home networks are safe, high-profile individuals should use multifactor authentication to protect their accounts online, the panelists advised.

Shreve also encouraged them to keep their corporate work separate from their personal lives, and to avoid reusing passwords.

He pointed to the 2012 data breach of LinkedIn, which exposed millions of users’ passwords. Individuals whose passwords were dumped online from that breach still are experiencing problems as a result, he said.

“It’s amazing, but years later, people can still use that information,” he said. “Make sure you’re not reusing passwords for your corporate accounts as for your personal accounts.”