31 March 2020 3870
Miscellaneous

Are We Safe Working From Home?

Hi Reas friends, how was your holiday for the last few weeks? Hopefully everyone is good and healthy. Still on information security, this time we will discuss another exciting topic, Work from Home / Remote Work that has been carried out by companies in Jakarta and other big cities.

With the COVID-19 pandemic, the President of the Republic of Indonesia has given an appeal to carry out physical distancing with "Work from Home, Learn from Home, Worship at Home". But it turns out that technological attacks are facilitating our WFH activities, do you know that not only COVID-19 cases are increasing, but also cyber cases?

 

Ilustrasi WFH, sumber foto: Westend61/Getty Images

 

 

 

Reporting from Yahoo Finance, with the implementation of WFH, companies and workers unconsciously face “omnichannel” cyber attacks such as robocalls, phishing e-mails, scams, viruses and malware encountered when accessing internet networks. Now, let's discuss what information security risks need to be considered for fellow workers who WFH:

 1. Unsecured Wireless Network
WFH from a coffee cafe sipping a glass of cold coffee and ordering a donut, sure sounds delicious. Wait a minute, is this WFH or WFC? Accessing public networks such in cafes is indeed more economical than using private internet quota at home. However, access to the public network saves a potential threat of security holes too, because we don't know whether the network has been encrypted safely, or maybe someone has entered the network to carry out Man in the Middle attacks and steal our data.

2. Personal Device
Using a personal device such as a laptop or tablet during WFH, can be an option. Although it is more convenient, personal devices are generally not equipped with additional security such as office equipment that already has its own security standards. Moreover, not everyone is aware of equipping their personal devices with the latest version of antivirus, regularly updating windows, setting firewalls, or installing additional backup tools. The lack of combat equipment on personal devices can have a serious impact, such as damage/ loss of important company data that we are working on.

3. Scam
While browsing for work material, a strange message suddenly appears like "your computer has a virus, click here!". Or email messages start to pop up and take advantage of circumstances such as "CHEAP MASKS CLICK HERE" and other things to catch attention to click the message. Be careful, because the scammers are in action. Ignore these messages because they are of no use to be opened.

Companies that implement WFH need to make careful preparations. Here are some suggestions to try:

1. Create a Business Continuity Plan (BCP)
Nobody knows what the future holds. Therefore, efforts are made to keep the company's business running efficiently in providing services in unexpected conditions. BCP is generally designed in a preventive position where the company cannot operate normally by implementing four cycles, namely Reduce threats that can occur, Respond to these threats, Restore activities and Recover operational business to the usual.

2. Provide Comprehensive Socialization
Loud and Clear Instructions can be given by level management to increase data and information security awareness for all company members. Such instructions can be in the form of regulations or memos regulating WFH procedures or top down socialization to minimize the impact of risks that occur during WFH activities.

 

Ilustrasi menjual credential data yang dicuri, sumber foto: https://www.mcafee.com/

3. Usage of a VPN Network
With the large amount of data traffic connected from outside the office network to the company's server devices, we cannot be sure which networks are safe to use. Facilitating employee endpoints by providing VPN tools before entering the office network is the right choice to reduce unwanted risks.

4. Protecting Infrastructure Devices and Endpoints
Infrastructure devices such as servers accessed from outside the company, as well as endpoint devices such as company laptops and tablets that are brought home for WFH certainly need special attention. Security preparations such as antivirus, Endpoint Protection Platforms (EPP) and Endpoint Detections and Response (EDR) can provide an additional layer of security to protect corporate data.

In fact there are still many other security holes encountered during WFH activities, therefore we need to increase our knowledge of information security risks. Apart from safety keeping ourselves from COVID-19, we should also make sure cyber viruses are no less dangerous. Hopefully the CODIV-19 pandemic will end soon, and we can have normal activities again. Stay alert, and always update your knowledge of technology.

 

Sumber:

 

https://www.comparitech.com/blog/information-security/security-remote-working/

 

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/staying-safe-while-working-remotely/

 

https://finance.yahoo.com/news/companies-faces-fresh-security-risks-due-to-people-working-from-home-192211787.html

 

https://www.benefitspro.com/2020/03/17/coronavirus-work-from-home-response-a-boon-for-cybercriminal-exploitation-412-95074/

 

Author

Vicho Septian Darta, S.T., M.T.I, COBIT-F

Email: vicho@indonesiare.co.id