Computer science lecturer Dr Asma Adnane says people need to be aware of cybersecurity risks when it comes to working remotely.
People working remotely to help prevent the spread of coronavirus are at greater risk of being hacked because they are likely to be using less secure computer settings, according to cybersecurity expert Dr Asma Adnane.
As more businesses encourage staff to work from home amid the Covid-19 outbreak, Adnane, who is a computer science lecturer at Loughborough University, has urged workers to check their security settings.
Adnane said remotely accessing sensitive business data causes additional cybersecurity risks, and she encouraged anyone planning on working from home to speak to their IT department first.
She advised the use of secure connections such as a virtual private network (VPN), which effectively encrypts data travelling between a user’s computer and the work network.
‘High risk of attack’
“Working from home might be convenient and safer for you, but this might not be safer for the services and the data you are accessing remotely, especially if you are handling sensitive or personal data,” she said.
“There are many cybersecurity implications while working from home, you are basically connected to internet via an open and maybe non-secured networks – home Wi-Fi or any public Wi-Fi – so all services and files you are accessing become at high risk of attack.
“Cybersecurity threats are generally higher as you are not connected via the secured workplace networks, which have adequate security measures that you do not see such as web filtering, firewall and encryption of data.
“Indeed, if you access sensitive data through unsafe networks, your connections could be intercepted, and the data compromised.”
Adnane said anyone working remotely needs to be aware of their surroundings outside of the office, and not leave devices unlocked when in public spaces such as trains or coffee shops.
Emails, VPNs and security updates
The computer science lecturer also urged people to take care when reading work emails on their smartphones or other devices.
She said: “The security risk is even higher as well if you are not using the corporate machine to connect remotely. In fact, corporate machines are usually up to date with the required security level: patched and updated software and operating system, encrypted hard drive, automatic screen lock and so on.
“Imagine people accessing their work email from their phone, it will be harder to spot phishing emails as they can’t have a good view of the email and the link or attachment in it.
“Another example is if they are accessing services or files from a malware-infected machine, malware could easily access sensitive data and even spread in the corporate network.”
‘The weakest link in cybersecurity’
Adnane said those working remotely should liaise with their IT department and take any training offered by their employer around cybersecurity
She urged workers to use a VPN when working from home, as well as using multi-factor authentication to log in to work-related services, adding to the security of their existing password.
People should also regularly check for software and security updates on their devices to ensure they are always fully protected, she added.
“Finally, employees are usually the weakest link in cybersecurity, so make sure you do the required training to keep you aware and on track of the cybersecurity measures and guidelines in place,” she said.
– PA Media