Cyber Security of Working from Home: Technology versus Psychology

Social distancing became one of the most strongly advocated measures to manage the #COVID19 outbreak magnitude in many countries around the globe. As a result, many offices are shutting down asking employees to "work from home as much as possible". Managing to work from home when you are used to your "9 to 5 routine" (especially in the presence of young children, constant temptations to watch TV unless you simply do not own one like myself, or to do household chores) and just genuinely trying to stay sane under close-to-lock-down situation can be overwhelming in itself. Yet, the whole working from home situation will also be testing many different systems: Internet capacity, organisational processes and, of course, cyber security.

Cyber security of remote work

Just a couple of weeks ago when I was talking to representatives of businesses in the US, the UK, Singapore and Australia, many were concerned that the current Internet capacity and, most importantly, their business secure VPN capacities will not be able to match the growing demand from employees and managers forced to stay at home. It is not obvious, whether we are in the clear yet, however, the current level of connectivity seems to be working better than we expected. Of course, we still do now know what will happen if videoconferencing is maxed out and runs in parallel with other video services like Netflix or YouTube; but I would say that now the business sentiment about Internet capacity is more optimistic than it used to be.

At the same time, concerns about cyber security of remote work still prevail. The main problem with remote work cyber security is that much in the remote business systems still relies on personal cyber hygiene of employees. Here, the communication and staying informed is key.

Brace for impact and source support: If you are a business owner, it is very important to make a clear plan of what happens in case of a cyber security breach under the current circumstances and make the procedure known to all staff. I know, this sounds very basic, but you would not believe how many companies either do not determine these procedures at all and how many companies use every obscure information channels; so in case of emergency their employees do not even know whom they should contact to report an incident. It is also important to think through how employees will be supported remotely by the cyber security team - i.e., who-does-what and who-reacts-to-what needs to be clearly identified. And if you are an employee and you have no idea what you should be doing in case of a cyber security incident which may occur remotely, it is a good time to ask your business owner WHY is it that you do not know that.

Brush up on your understanding of cyber hygiene: It is also necessary to understand how secure your home systems are and whether you have the basic equipment to protect yourself. For example, many people do not realise that their home WiFi systems might not be correctly secured, which makes them vulnerable to so-called "snooping" attacks when adversaries in the vicinity of your house can interfere with your traffic. Obviously, one cannot be too careful with anti-viruses and security tools, which should come from trusted sources and should be up to date. Backing up regularly is also extremely important - this not only increases your resilience to cyber threats, but also prevents your young children (or careless partners) from causing the "nuclear winter" in your most important project folders. Generally, it is a good idea to use different devices for work and leisure purposes (I appreciate it is not always possible, but it is good practice - so, if you tend to watch those YouTube videos on your work laptop, think of potentially investing into a "home" device).

Keep your psychological state in check: As I have discussed in my several previous posts, many cyber security breaches target our psychology. And in conditions, where the majority of us will be confined to our apartments or houses for (at least) several weeks, many things will be tested and this will take a toll on your psychological state. Not only your work relationships, but relationships with your loved ones will be put to a test. I was just talking to a colleague via video conferencing, who was multi-tasking at a whole new level: she was cooking dinner, dealing with two energetic toddlers and was also giving advice to her husband who was coming in and out of the room asking questions. Believe me - even if you are a superhero - after a few days you will feel quite fatigued. If you think you are in the clear because you live alone - think again - you are quite likely to start feeling exceptionally lonely unless, of course, you are used to living in isolation. Essentially, these close-to-lock-down conditions make us all extremely vulnerable, and cyber criminals know about this. Therefore, it is extremely important not to lose perspective and be aware of the most recent threats out there. I am not sure this would work for everyone, but I start my day with checking several reputable websites listing most recent cyber security threats and breaches to be aware of what is going on. For example, check out the CERT-EU website for EU incidents or CSIS website for global incidents - you might find them helpful. Be careful of any coronavirus news which end up in your mailbox and any requests to "reset" your account, change your password, etc. Very often, adversaries use these themes to launch sophisticated social engineering campaigns.

Take Aways: the value of being connected

When I was preparing for writing this blog, I was thinking how the COVID-19 outbreak showed all of us the value of something we all took for granted for a long time - the value of connection. I also remembered the example of Edison Peña. You probably have already forgotten, but in 2010 a group of Chilean miners were trapped in tunnels 700m below the surface for 70 days. Many of them gave up hope and their psychological state deteriorated, but Edison had a strategy. He was running. Running every day through the tunnels and this was not only daily exercise to him. It was his way to stay connected with his mind, with people who were with him underground and with people who waited for him above the ground. We are not trapped underground without Internet, food or much hope for survival, yet, we all can learn from Edison. Keep running - exercise your mind and body. Stay connected, folks! We will get through this!

#cybercrime #cyberrisks #cyberthreats #datasecurity #cyberattack #hacking #risk #infosec #security #ransomware #phishing #dataprotection #informationsecurity #workfromhome #covid19