Source: Infosecurity Magazine
14 Apr 2020

“My biggest concern is when remote workers enter phase three since it is unlikely that remote team leaders and managers will identify these signs until it is upon them.” Steve Durbin, Managing Director, ISF

The concept of the agile and remote worker has become more prevalent in recent years, as consumer Wi-Fi becomes more faster, we carry corporate laptops or BYOD-permitted smartphones, and realize we don’t all need access to a printer and fax machine. That’s been good preparation for the current COVID-19 lockdown, where remote working has moved from being something that you may do one day a week to something that is the new norm for many people.

According to Scott Crawford, research vice-president for the Information Security Channel at 451 Research, the widespread move to home working for many organizations has direct implications on security. In particular, and in addition to the multitude of new phishing attacks and attempts to exploit, “organizations are now faced with a fundamental change in how they manage secure remote access, as well as how they can maintain visibility and control over security concerns.”

The other challenge of having a workforce so distributed and not physically seen is around the security of data, as this will be a time when employees are more easily distracted and working unusual hours. David Greene, chief revenue officer at Fortanix, said that this should be a time to push for a data security consideration.

He added: “You need to know that data is safe at all times wherever it is currently being used and it needs to be as automated and transparent as possible, as stressed out employees will actively work around anything that interferes with getting their work done.”

Greene said that the greater stress of everyone being in their house together is of course an entirely separate issue, and that leads to the mental health consideration. Steve Durbin, managing director of the Information Security Forum, explained that the human element is the third phase of security, with phase one being about the technology and ensuring remote workers are equipped, while phase two is about targeted attacks on organizations where the remote worker is seen as potentially being the weakest link in the security chain.

“Phase three will come about through increased stress and cyber-anxiety which will result in a lowering of vigilance and frankly, the sheer boredom of having to work remotely when the normal routine has been built around social interaction,” he said.

“My biggest concern is when remote workers enter phase three since it is unlikely that remote team leaders and managers will identify these signs until it is upon them.”

Read Full Article