"If you were a cybercriminal, this is a good time to act," says cybersecurity expert Bruce Schneier.
Cybersecurity experts say Americans who are teleworking to slow the spread of the coronavirus are more vulnerable to cyberattacks.
"I'm worried about systems being overloaded. People using untrusted third-party systems like email or file-sharing services. You know, all the routines are different now and the things that they're being replaced with are ad hoc and untested."
That includes people with access to classified information, from the FBI to parts of the State and Justice departments.
"People will be more vulnerable to phishing attacks. Networks will be more vulnerable because now there are new openings and new ways to get in," says Schneier.
On Sunday, the White House asked all federal departments and agencies in and around Washington, D.C., to offer "maximum telework flexibilities" to employees — potentially opening the door to cyber-intrusions as workers use new, less familiar or less secure systems.
Within hours, the Department of Health and Human Services saw "a significant increase in activity" attacking its cyber-infrastructure. A spokesperson tells Newsy the department put extra protections in place before the pandemic and that its system is still operating as staff investigate. Secretary Alex Azar said at a news conference Monday that hackers didn't penetrate the system.
Homeland Security's cybersecurity arm tells Newsy it's "taken a number of steps over the last several weeks to increase cybersecurity preparedness" across federal agencies.
Schneier says: "Everybody who is doing everything all the time will keep doing it, and it will be more successful. So that can range from foreign governments doing very targeted intel operations to cybercriminals who are just opportunists, hackers, everybody in between."
At the FBI, a spokesperson emphasized to Newsy that some personnel are teleworking "where appropriate" as a way to protect the workforce. The agency wouldn't comment on steps being taken to prevent cyberbreaches.