Between 2005 to 2017, there was a 159% increase in remote working, according to a Flexjobs annual survey. In 2015, 3.9 million U.S. workers were working remotely. Today that number is at 4.7 million, or 3.4% of the population. And, 74% of respondents in the Flexjobs annual survey believe that flexible working has become the “new normal.” Of course, the coronavirus is now dramatically increasing the number of people working remotely. For larger, high-profile companies such as Microsoft, Google, and Amazon, infrastructure and policies are already in place to increase work from home staff. However, for small to midsize companies this transition will no doubt be more difficult. And, many are concerned about the affect working remotely will have on their company’s cybersecurity.
In this month’s newsletter, we’ll alert you to a current cybersecurity threat, provide a starters checklist of necessary infrastructure and policies, as well as tips to work from home safely. And… we’ll discuss how Sir Isaac Newton can inspire all of us who are now working remotely.
A Phish Is Still a Phish…Even When You Catch it at Home
As mentioned earlier, many organizations are having their staff work from home to reduce the spread of COVID-19. However, moving at short notice from a trusted, secure office environment to working remotely can create sudden security risks. On top of this, many opportunist cyber criminals are using COVID-19 as a subject matter for their phishing scams. In one phishing campaign detailed by security researchers at Minecast Threat Intelligence, cyber criminals are targeting remote workers with a credential stealing scam that takes employees to a fake OneDrive login.
The U.K. National Cyber Security Centre also recently issued a warning that there are a range of attacks that are being perpetrated online as cyber criminals are exploiting COVID-19. It reported phishing being at the forefront of these scams with the bogus emails claiming to have important updates. Remote workers are being warned to be suspicious of any emails asking them to check or renew their passwords and login credentials, even if they seem to be coming from a trusted source. With this recent flood of warnings and reports, many remote workers are wondering where to even start. There are things you will need to have in place, let’s start by discussing infrastructure and policies.
Working Remotely — Infrastructure for Employees
What type of infrastructure will you need? As an employee you’ll need to have these elements:
- A designated work space. If possible, a separate room with a desk is best. This can be challenging if multiple people are now working from home and possibly children online schooling as well. So, you might need to be creative.
- Adequate internet speed. When working remotely, upload speed is just as important and download speed. The Telecommuter Guide recommends at least 1Mbps for both download and upload speed. You can test your internet speed at Speedtest.net.
- Ensure your Wi-Fi connection is secure. If your hardware is older, it may not be correctly secured and will allow people nearby to snoop on your traffic.
- Take precautions and make sure that all important files are backed up regularly.
Working Remotely — Infrastructure for Companies
As a company, here’s a starter checklist to see if you have the infrastructure to support your work from home staff:
- Your employees will need a secure laptop, as well as a charger, headset, a virtual private network (VPN) and phone.
- The VPN you use should support all remote workers if connected simultaneously.
- Check if you have encryption tools installed. If you do not have the tools needed, resources such as Tech Radar have supplied a list of free, paid, and business options for encryption tools to get you started.
- Your employees will need access to audio-conferencing and web accounts. Also, make sure that chat programs are in place.
- Make sure that any employees who need access to shared office suites and cloud storage accounts have unique logins specific to only them.
- Create or enlarge your helpdesk capacity to support employees adjusting to remote working.
- Assign someone to make sure your VPN’s, servers, and anti-virus systems stay up to date.
These lists are by no means exhaustive. For more information on remote working infrastructure, Business 2 Community has provided a list of things that is important for each organization to consider.
Working Remotely — Policies
As a company, you’ll need to review existing policies to verify that they will meet remote work needs. Or you may need to create work from home policies. Here’s a starter list. I’ll break this down into two categories with their own checklist.
Employee agreement to remote work conditions
- Do you have policies that address employee adherence to data privacy, security, and confidentiality?
- Is there guidance in place on timekeeping for hourly employees?
- And, do you have a policy to address attendance and availability standards?
Data Privacy and Security
- Consider a policy to ensure business assets are physically secure, such as company laptops and phones.
- Do you have a policy that addresses saving company data only on its secured network and not on personal devices? Make sure to clearly communicate it.
- Your remote workers should know who to contact for support when they encounter technical problems.
- Have a well-defined procedure to follow in the event of a security incident. Clearly communicate the policy.
- Restrict access privileges to sensitive systems when it makes sense to do so.
- And, are all in the organization alert to cybersecurity threats such as phishing. Will they know how to report suspicious communication?
Again, this list is not all-inclusive, but is designed to get you started. There are resources online you can use to get more information and some even provide a template to get you started. With these things in place you have a good starting point for your newly remote employees. However, it is also vital that employees working remotely remain alert to cybersecurity threats.
Cybersecurity Tips for Working Remotely
In a recent interview with Lares, Chris Hadnagy, CEO of Social-Engineer, LLC, noted that those who have never worked from home before will be a special target of attackers. He said that more people will have their guard down because “home is where we relax”. Home is also a place of more distractions. Parents, for example, who use to head to the office to fulfill their work priorities will now find that their little ones will pull on their attention. This will make it easier for remote workers to fall for an attack. So, what can you do to make sure that you maintain the same security mindset at home as you would in the office? There are a few things:
- Don’t click on or download anything unless it is from a verified sender. Not sure? Call your fellow employee to verify.
- Be vigilant to what information you give over the phone, remember it’s ok to say no to requests that make you feel uncomfortable.
- Lock your computer – especially if you work in a shared space.
- Tech support scammers are targeting remote workers. Use caution before clicking on pop-up windows saying there is a security issue on your computer, or that there is an update for the operating systems.
- Maintain communication – don’t let your remote location make you lose communication with your fellow employees and employer. Staying in the loop makes you less likely to fall for a scam.
Making changes to quickly migrate from an office workspace to a home workspace is no doubt stressful It may not seem like it now, but there are benefits to working remotely. In fact, a famous scientist, Sir Isaac Newton experienced what came to be known as his “wonder years” while working remotely.
Be a Newton
Did you know that a pandemic forced Sir Isaac Newton to work remotely? In 1665, Cambridge University closed due to a pandemic known as the Bubonic Plague. Newton left the University and spent the next two years at his home, Woolsthorpe Manor, working on his theories. It was during these years of ‘social distancing’ that Newton laid the foundation for calculus, optics, and gravity. They became known as his “wonder years”. So, what can we learn from Sir Isaac Newton? He used his time wisely. He still took his work seriously, even though it was in a different location, from home.
Now, we too are ‘social distancing’ due to the Coronavirus pandemic. And it’s creating challenges for us; some are irksome, others are heartbreaking. So, while we await a return to ‘normal’, let’s look for ways to be a Newton. Who knows, perhaps you too will see an apple fall from a tree and be inspired just as he was. 🍎
What to Expect Next Month
The sudden change to working remotely have many feeling anxious. Additionally, many new remote workers are coping with the additional challenge of isolation. So, next month we will focus again on working remotely. And since May is Mental Health Awareness Month, our angle will be maintaining mental and emotional health while working remotely.
Until then—stay safe and healthy.
Written by: Social-Engineer