Here’s what the Twitter hack tells us about potential security risks of working from home

Jul 27, 2020, 7:01 AM

Twitter features...

said it would disable some features temporarily, making it more difficult for users to mindlessly retweet misleading claims. (Credit: Shutterstock Via CNN)

(Credit: Shutterstock Via CNN)

    (CNN) — The Twitter hack that compromised the accounts of Barack Obama, Kanye West and other figures earlier this month was one of the more prominent cybersecurity breaches in recent memory — and it was all the more dramatic as it played out live on the platform while users watched.

It was the first major breach reported since March, when many companies rapidly transitioned to remote working because of coronavirus.

For Twitter, the hack was certainly not a good look. CEO Jack Dorsey apologized for it on the company’s earnings call last week, saying: “Last week was a really tough week for all of us at Twitter, and we feel terrible about the security incident.”

For other companies, the hack could serve as a reminder that even at a moment when there is much else to worry about (like the economic recession and ongoing pandemic), cybersecurity threats are still an issue. It may be more true now than usual — experts say that having many people working from home presents unique security risks, especially given that many companies made the transition practically overnight.

It’s not clear whether remote working policies at Twitter, which has said it will allow some employees to continue working from home “forever” if they choose, had anything to do with the hack. But it’s something other companies should be aware of.

“The way (the transition to remote working) happened, instantly, there was no warning, and all of a sudden people were just told, ‘you’re not going back to work tomorrow,'” said Anu Bourgeois, an associate professor of computer science at Georgia State University. “Everybody became vulnerable at that point.”

Security risks from remote working

Only about 29% of workers had the option to work from home from 2017 to 2018, according to the most recent data available from the Bureau of Labor Statistics.

When coronavirus hit the United States, employers had to scramble to get a huge percentage of the country’s workforce to transition to remote working for the first time, a massive task that may have involved corner-cutting when it came to security.

There are a number of ways companies could have gone during the transition. In the hurry to keep employees safe but still maintain their workflow, companies might have given out laptops not equipped with the proper security software or asked them to use their own personal devices for work, Bourgeois said.

That issue was likely heightened for employees and families who can’t afford multiple devices and suddenly found themselves working from home while kids attended school remotely.

“They’re having to juggle different people using that device,” Bourgeois said. “Whereas at work you’re just one person, your kids may be having to use the device you use for work for their school or entertainment. You have that vulnerability of different people on your machine.”

Companies that were accustomed to having employees work only out of the office likely also had to develop new “access controls.” Whereas workers may have only been able to access their company’s servers and data from inside the office, they now may have to sign into a virtual private network (VPN) or other portal to securely access the information needed to do their jobs.

Deploying proper cybersecurity protocols for a remote workforce, “especially for a large scale company, is going to be really time consuming and difficult to do,” said Bourgeois.

She added that even with existing security software, companies could run into issues. Some security systems track employee habits — such as the normal days, times and duration of time that they typically access company systems — to identify potential hackers. But such systems may be confused by people’s changing work habits during the pandemic, and therefore could be less likely to catch breaches.

What we know about the Twitter hack

It’s unclear whether the Twitter hack had anything to do with remote working policies the company put in place in response to the pandemic.

Former Twitter employees examining the incident acknowledged that it’s a possibility, but there’s no evidence that Twitter relaxed its security to accommodate working from home. Twitter declined to comment on its remote work policies.

Twitter said the breach was the result of a coordinated “social engineering” attack that targeted workers who had administrative privileges, with the aim of taking control of the accounts.

Experts say social engineering may also be easier when people are working from home, where they may be distracted or let their guard down.

“You have people scrambling, in a different environment, and that mindset is not the same when you’re working from home versus the office,” Bourgeois said. “So many people are juggling their kids and are distracted and may be trying to quickly get through whatever task they need to get through. (They) may not be as sensitive to looking for these social engineering tactics, like phishing emails or phone calls.”

Some have also warned that hackers may try to exploit people’s fear of coronavirus in an attempt to carry out hacks or phishing attempts.

“As the world’s anxiety regarding coronavirus continues to escalate, the likelihood that otherwise more cautious digital citizens will click on a suspicious link is much higher,” the Electronic Frontier Foundation wrote in a March blog post.

The EFF cautioned people to look out for suspicious messages promising information or offers related to coronavirus, especially ones that sound too good to be true, like an offer to submit personal information in exchange for a free coronavirus vaccine.

For companies looking to avoid being the next target of an attack — in addition to implementing antivirus software and two-factor authentication — “the number one thing is education,” according to Bourgeois.

“Unless your employees are well versed in all of these different types of attacks and what to be aware of, it doesn’t matter what else you do, that person is vulnerable. Educating the workforce is key,” Bourgeois said.

–CNN’s Brian Fung contributed to this report.

The-CNN-Wire
™ & © 2020 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.

We want to hear from you.

Have a story idea or tip? Send it to the KSL NewsRadio team here.

A hiker who was struck by lightning and then fell from the east summit of Twin Peaks has died. Salt...

Becky Bruce

Body of hiker found after lightning strike, fall

Search and rescue crews recovered the body of a hiker who was struck by lightning, then fell near the east summit of Twin Peaks, above Snowbird Ski Resort.

24 hours ago

This Google Maps screenshot shows the location of the Sunglow Campground near Bicknell, Utah, where...

Becky Bruce

Provo Fire Captain and four family members found dead after Wayne County flash flood

Wayne County Sheriff Micah Gulley says a flash flood swept up five family members who were there to hike and go canyoneering.

1 day ago

Damage from the Cottonwood Fire can be seen from Highway 153 in Beaver County on Thursday, July 9, ...

Heather Peterson

Beaver County suffers from loss of tourism due to Cottonwood Fire

The Cottonwood Fire is ruining summer tourism in Beaver County, as businesses and county leaders grapple with the lost income.

2 days ago

FILE - This photo provided by the U.S. Geological Survey shows polymetallic nodules in a sample fro...

Dánica Coto, Associated Press

The US plans to auction off sections of water around American Samoa in a push for deep-sea mining

The U.S. government plans to auction off massive sections of water surrounding American Samoa for potential deep-sea mining in an unprecedented move expected to draw criticism from many countries.

2 days ago

A woman flashes a victory sign while walking at Tehran's traditional main bazaar, Iran, Thursday, J...

Jon Gambrell, Associated Press

US and Iran escalate strikes across Mideast; bridges and a water plant hit

The US and Iran escalated attacks across the Middle East on Friday, trading strikes aimed at infrastructure and military targets as their battle over the Strait of Hormuz intensified.

2 days ago

Jon Anderson speaks after being named as Utah Valley University's next president on Friday. The Uta...

Logan Stefanich, KSL

‘Best days at UVU are ahead’: Jon Anderson appointed president at Utah Valley University

The Utah Board of Higher Education on Friday voted unanimously to appoint Jon Anderson as the next Utah Valley University president.

2 days ago

Sponsored Articles

...

Bear Lake

Road trip ready: How Bear Lake became the go-to destination for Western U.S. travelers

Whether you are chasing pristine beaches, fresh raspberry shakes, or endless water sports, this sponsored guide—brought to you in partnership with Bear Lake —uncovers everything you need to plan the ultimate getaway.   There’s nothing quite like the thrill of hopping in the car with your favorite snacks in tow and heading out for a […]

...

Harper Clinic

A new standard of care: How Harper Clinic’s IOP is changing the face of mental health treatment in Utah

This article is sponsored by Harper Clinic, a Utah-based clinic offering FDA-approved TMS therapy for treatment-resistant depression.    Utah’s mental health crisis is leaving many residents caught in an uncomfortable middle ground: struggling too much for weekly therapy alone, but unable to step away from work, parenting or daily life for inpatient treatment. As demand […]

...

Harper Clinic

Breaking free from depression: How Harper Clinic’s TMS Therapy can help

This article is sponsored by Harper Clinic, a Utah-based clinic offering FDA-approved TMS therapy for treatment-resistant depression.    The weight of depression is real. Many people spend years fighting it, adjusting medications, managing side effects and wondering if this is simply how life is going to feel.   According to the World Health Organization, depression affects […]

mental health...

Andrew Adams, KSL

Library discussions bring men’s mental health to the surface

Therapists say it’s common for men to repress things like trauma, grief, stress and anxiety. Now, a new weekly series of discussions aims to help men bring it all to the surface.

...

Bear Lake Convention & Visitors Bureau

Cozy up in Bear Lake: Discover the magic of a winter getaway

SALT LAKE CITY – The holiday season shines brightest when time slows down and loved ones gather. Gifts, decorations and festive music come and go, but shared experiences tend to last much longer. Research supports that idea. Dr. Theresa E. DiDonato told Psychology Today that vacations can strengthen relationships by creating meaningful time away from daily […]

...

Harper Clinic

Rewriting the path to healing: Inside Harper Clinic’s whole-person mental health model

OREM — A few decades ago, you’d have had a hard time finding a doctor to treat both your mind and body; And a century ago, you’d have been hard-pressed to find a doctor to treat your mind at all. Today, medical professionals are understanding more and more the undeniable connection between the body and […]

Here’s what the Twitter hack tells us about potential security risks of working from home