Previously, I wrote of the digital risk challenges stemming from Industry 4.0 that have been brought about by disruption and transformation. Little did I know the extent of disruption that was about to descend upon us. As a result of this health crisis, the global environment has brought terms such as “distancing,” “online,” “remote” and “virtual” into everyday vernacular. But moving at short notice from a trusted office environment to our homes can create significant security risk.
For many remote workers, the isolation allows for better focus, concentration and productivity — if they can continue to get access to the necessary documents, applications/systems and communications. According to Owl Labs’s 2018 Global State of Remote Work report, 52% of employees around the world work remotely at least once per week and regular work-at-home has grown 173% since 2005, thanks largely to technology maturation and advances.
While the internet brings many conveniences, allowing us to shop, bank and work in relative comfort, this has also contributed to the rise in digital risk through cybercrime. According to the World Economic Forum, the direct damages of cybercrime are projected to cost the global economy $6 trillion, or 6.3% annually, by 2021. Therefore, cybercrime is one of the greatest risks to our global prosperity in the fourth industrial revolution.
Remote Workforce Risk
Remote working has become a normal part of many workers’ lives and is one of the most desirable benefits an employer can offer. According to the aforementioned Owl Labs report, many industries now offer remote working with the top global industries being government/education, finance/insurance and technology/marketing.
For many remote workers, this means using their own personal devices and home networks to perform work tasks. This presents some of the largest risks to the worker and the business. Many personal devices lack the hardened nature of a corporate device and other security capabilities, such as encryption, auto-backups, authentication and security monitoring. The home environment is very different from the relatively secure systems/processes of the corporate environment.
Other risk factors include lack of physical exercise and mental health challenges. One significant issue with working remotely is the inability to switch off at the end of the workday (something that I’m guilty of!).
Working remotely increases the risk to any job and business — risks that range from an inability to physically secure the home office to controlling/ensuring the security of the home network.
Lastly, have you thought about access to emergency assistance if needed?
Digital Risk Today
Despite this global calamity, the cybercriminals have not stopped. Instead, they see opportunity.
There have been attempted cyberattacks and successful ones on hospitals, the U.S. Health and Human Services Department and even the World Health Organization — a vital hub for advice, research and factual reports during this current crisis.
Social engineering attacks (phishing, vishing, social media, etc.) have risen significantly. We have seen sharp rises in the registration of domain names used to masquerade as legitimate sites. There have been emails, text messages and social media posts looking to compromise people. Many contain malicious attachments or links to malicious sites, and unfortunately, these will continue to escalate.
Such attacks aim to create an emotive situation as a result of fear, anxiety, sympathy or greed. These come in many forms: unexpected money or winnings, fake charity and medical scams, fake apps and even impersonation.
Remote workers, both old and new, must accept that being online more means generating more opportunities for cybercriminals to attack them. For some time now, cybercriminals have taken a people-centric approach to cyberattacks. Most targeted cyberattacks rely on the user to activate them, showing how prominent the human element is.
The important point here is that many of these risks are not new. You may just be more exposed to them outside of the corporate environment. Don’t panic — cybercriminals have long used notable events and situations as opportunities to launch new scams (recall the point about emotive situations). Examples include major sporting events like the World Cup and Olympics, elections and even Brexit. We are certainly seeing some very creative, innovative criminal schemes in the current circumstances.
Recommendations For The Remote/Home Worker
These recommendations were composed through experience and by looking at credible guides, such as the Essential Eight Maturity Model by the Australian Cyber Security Centre (or similar in your country) and other cybersecurity standards. These best practice suggestions apply irrespective of our current environment:
• Check and ensure your applications and OS are up to date for all your devices (corporate and personal).
• Implement encryption to protect sensitive data and connections, including a reputable virtual private network (VPN).
• Use a dedicated machine for work and do not share it with others.
2. Implement multi-factor authentication.
This should be mandatory. Managing end-user risk starts with strong authentication, which permits clear identification of who is logging into your corporate environment.
3. Secure your Wi-Fi/router.
• Change the default password and set a strong unique password.
• Enable network encryption — use the strongest available (e.g., WPA2).
• Enable a firewall to act as your first line of defense.
• Set up a separate guest network. Many routers allow this. This is the network your kids and other untrusted devices should use.
4. Ensure you have a backup strategy for your data.
5. Social engineering.
Click with caution. Treat unsolicited emails with caution. If unsure, do not respond. Look to your national authorities for online safety guidance (these strategies have not changed).
6. Only download apps from trusted sources.
7. Have a dedicated workspace, preferably one you can secure.
8. Establish an emergency contact.
9. Factor into your daily schedule some ‘me’ time for exercise and mental health.
Lastly, remember the need-to-know principle. You may be working at home but still dealing with sensitive and/or classified information — especially in conversations — that others in your household have no need or right to know.