Author: Nick Johnston, Program Coordinator of the Honours Bachelor of Applied Information Sciences Degree at Sheridan College
More people are working from home than ever before, and cybercriminals are trying to cash in. According to Statistics Canada, 42 per cent of Canadians experienced a cyber security incident in the first nine months of the COVID-19 pandemic, with 36 per cent of those Canadians experiencing a loss as a result.
In this short Q&A, Nick Johnston of Sheridan’s Honours Bachelor of Applied Information Sciences (Information Systems Security) degree explains the security risks of working remotely and what can be done to minimize them.
What are the cyber security risks of working from home?
Employers’ Wi-Fi and networks are typically safeguarded with security features such as firewalls and spam filtering. Also, virus and malware detection often takes place via an Endpoint Detection and Response (EDR) utility, which identifies things happening on your machine that might impact security.
You don’t have many of those protections when you’re connected to your home network. Even if you’re running an EDR utility, it takes a little longer for that information to make it back to your IT security team, so they might not be able to stop something like ransomware — which encrypts your files and then demands a ransom for access to them — before it affects your data.
What measures can employers and employees take to offset increased risks of working from home?
Email vigilance is a big one, since the most common for cyberattacks tends to be phishing (fraudulent communication designed to trick you into revealing sensitive information). When you get an email that sounds threatening or a bit too urgent, take a few seconds to think about it or ask a co-worker for their opinion.
Using a VPN (Virtual Private Network) will allow you to have a more secure connection with your workplace and any resources you may need. It’s also important to use different passwords as much as possible, because if a website you use is breached and cybercriminals discover your password, they’re going to try to use that password everywhere else.
Finally, don’t turn off anti-virus or prevent your computer from doing updates. Employers can schedule updates and install antivirus software and VPN software on their employees’ laptops, but the employee is also accountable to use those things.
What impact will an increase in work-from-home arrangements have on cyber security in the next five years?
Traditionally, company networks have been like a castle that is surrounded by a wall or a moat, which is the firewall that forms a perimeter. Everyone inside the castle walls was trusted. But now, with so many people working remotely and using different resources to do their jobs, there is no trusted interior or safety perimeter anymore.
That concept of Zero Trust means we’re going to need more authentication measures to prove people are who they say they are. You may need to input your password more often, or you may get a multifactor authentication prompt. Your employer may also monitor what time you’re logging in and what country you’re logging in from so they can build patterns and baselines, and whenever you deviate from those, the standard will be to ask for more identifying information.
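The baseline-and-deviation check described in the last answer, as an added example that is not part of the original interview: it builds a per-user baseline of login countries and hours from constructed sample data and asks for step-up authentication when a login deviates. The function names, the two-hour tolerance and the sample logins are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample history: (user, UTC timestamp, country code).
HISTORY = [
    ("alice", "2021-03-01T13:05:00", "CA"),
    ("alice", "2021-03-02T13:40:00", "CA"),
    ("alice", "2021-03-03T14:10:00", "CA"),
    ("alice", "2021-03-04T12:55:00", "CA"),
    ("bob",   "2021-03-01T23:30:00", "CA"),
    ("bob",   "2021-03-02T00:15:00", "CA"),
    ("bob",   "2021-03-03T23:50:00", "US"),
]

def build_baselines(history):
    """Collect, per user, the countries and login hours seen so far."""
    baselines = {}
    for user, ts, country in history:
        b = baselines.setdefault(user, {"countries": set(), "hours": []})
        b["countries"].add(country)
        b["hours"].append(datetime.fromisoformat(ts).hour)
    return baselines

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are 1 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def assess_login(baselines, user, ts, country, tolerance_hours=2):
    """Return ("allow" or "step_up", reasons) for one login attempt."""
    b = baselines.get(user)
    if b is None:
        # Nothing to compare against, so ask for more proof of identity.
        return "step_up", ["no baseline for user"]
    reasons = []
    if country not in b["countries"]:
        reasons.append(f"new country {country}")
    hour = datetime.fromisoformat(ts).hour
    # Deviation = farther than the tolerance from every previously seen hour.
    if min(hour_gap(hour, h) for h in b["hours"]) > tolerance_hours:
        reasons.append(f"unusual hour {hour:02d}:00 UTC")
    return ("step_up" if reasons else "allow"), reasons

if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    print(assess_login(baselines, "alice", "2021-03-05T03:00:00", "RO"))
```

A "step_up" result is where a real system would issue the multifactor prompt; an "allow" result lets the normal sign-in proceed.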