Business Traveller (Middle East)
Cyber risks in the new world of remote working
Top tips for WFH online security from Barry Cook, Privacy & Group Data Protection Officer, VFS Global
With almost a year of ‘work from home’ ( WFH) under their belts, members of the global remote workforce have started getting comfortable in their new living-room offices and some companies are making this permanent. As we have graduated to living our lives online, embracing streaming services, e-commerce, e-learning and social media, we have also made ourselves increasingly vulnerable to cybersecurity threats. Cyber-criminals have responded by shifting their focus to attacks on mobile devices. In the WFH scenario, data protection is an increasing concern. Without the protected IT framework of an office, systems and their data can become vulnerable to malicious forces.
According to research by Kaspersky, the number of attacks on mobile users reached 68,063 in the UAE from January to June 2020. In other Middle Eastern countries, Egypt faced 220,000 cybersecurity breaches, Saudi Arabia saw 160,000 attacks in five months, followed by Kuwait (20,000) and Oman (15,000). In the recent months, cyber-attacks have risen to become one of the biggest threats to the digital health of corporations – with even the most heavily protected businesses becoming vulnerable to data breaches. The UAE foiled around 120,038 cyberattacks in July, UAE’s state news agency WAM reported. In fact, malware accounted for 78 per cent of the attacks prevented by the National Computer Emergency Response Team (CERT). A number of phishing attacks were stopped too. These not only pose a threat to sensitive company data, but also cause serious loss of
production time, man-hours and revenue, while impacting the company’s reputation and inviting potential regulatory fines.
It is therefore imperative to ensure you brace your company and employees with preventive measures to minimise such risks.
There many simple ways corporations can ensure employees remain secure working remotely and keep company data safe.
People are increasingly using the same set of devices for work and recreation, putting their personal information and sensitive company data at risk. Physical security, firewalls, anti-fraud measures were more effective when everyone was accessing official data at work, protected by enterprise-level security, but not anymore. One of the most common downsides to WFH is unsecured Wi-Fi networks. Companies should therefore issue advisories around safe router protocols – i.e., a WPA-2 or higher, and ensure employees assign strong passwords that are frequently updated. Regular training must be provided to help employees identify and mitigate threats to data security.
Another leading cause of data breaches is phishing scams. Taking advantage of people’s anxiety to know more about COVID-19, there have been several instances of fraud emails and SMS messages linked to information on the virus. This is a common strategy used by scammers and can infect your device with ransomware if robust firewalls are not in place. This can be remedied via simple instructions issued to employees, starting with emphasising the importance of double-checking each link they click on. As a company policy, while using official emails, any links or attachments received from an unknown sender should not be clicked on at all.
The most significant tech adoption has been the use of video-calling software for team meetings. These platforms, if not used correctly, can be unsecured and open to uninvited guests, which is anyone with a meeting link, thereby providing adept hackers a gateway to an employee’s system and the data it houses. To ensure your official meetings remain secure and your data protected, meeting hosts should “lock” their virtual conference rooms, or passwordprotect each meeting and avoid sharing meeting links on open platforms. Regulations for remote meetings should mandate the updating of video-calling software regularly so that it’s equipped with the latest security upgrades and bug fixes.