Call it Yahoo-yahoo, wire-wire or any name that best suit it, bet it as it may, internet scam is accelerating at a record speed and fears are mounting. Experts are of the opinion that the new normal where more people are having to work remotely is fueling this.
A senior computer network Manager for a multinational financial services company, who pleads anonymity because of the nature of their job, says they are bombarded from all directions.
“We see everything,” he said. “Staff get emails sent to them pretending to be from the service desk, asking them to reset their log-in passwords. We see workers being tricked into downloading viruses from hackers demanding ransoms, and we have even had employees sent WhatsApp messages pretending to be from the CEO, asking for money transfers.”
He revealed,” having staff working from home during the lockdowns has just made it worse, as it is much harder to keep an eye on everyone.”
A recent survey in a country like the United Kingdom that with one in three UK workers currently based exclusively at home, and the same level in the US, this remote working on a vast scale continues to be a major headache for the IT security bosses of companies large and small around the world. This is not very different in Nigeria too where many businesses now operate remotely and only on certain days.
And studies shows that many organisations are not taking the issue as seriously as they should. For example, one in five UK home workers has received no training on cyber-security, according to a recent survey by legal firm Hayes Connor Solicitors. The report also found that two out of three employees who printed potentially sensitive work documents at home admitted to disposing them carelessly.
Meanwhile, a separate UK study last year found that 57% of IT decision makers believe that remote workers will expose their firm to the risk of a data breach. “In the rush and panic to set remote working practices up, even simple data protection practices were ignored,” says Christine Sabino, a senior associate at Hayes Connor. “Companies did not provide additional security relating to computers, electronic communication, phone communication.”
So, what can both companies and home working staff do to make things as safe and secure as possible? Victor Ojelabi, CEO of Freelart Limited, an IT consultancy firm in Nigeria, says companies should have started by giving all home workers a dedicated work laptop. While many larger companies may well have done this, not all smaller firms necessarily have the resources to do so.
“Provide staff with laptops and other equipment that are owned, controlled and configured by the company,” he advised. “This alleviates the burden on your people to set things up right, and ensures they follow the security controls the company wants.”
Definitely, don’t allow staff using their personal computers for work, said Sam Grubb, a US-based cyber-security consultant, and author of forthcoming book How Cybersecurity Really Works. “The main problem with using your own computer to do work is that you are not limited in what you can do on it, nor are you necessarily the only one that uses it,” he stated.
“So, while you might not be visiting a shady website to download movies for free, your teenage son could be doing that exact thing on your home laptop without you even knowing. This makes it much easier for malware or other attacks to happen. This might affect the work you are doing, or in a worst-case scenario, lead to the compromise of co-workers’ devices, or other company devices such as servers.”
He added that the next step is that companies must set up a VPN or virtual private network, so that remote computers have secure and encrypted connections with the firm’s servers and everyone else in the company.
Grubb, while explaining how VPNs work, used a transport and wildlife analogy.
“A VPN is like a tunnel between two cities. Instead of driving through the dark forest full of tigers, lions and bears, you drive through the underground tunnel, where no one can see you driving until you reach your destination on the other side.”
However, even with work laptops, VPNs and the latest cyber-security software systems in place, staff can still make damaging mistakes, such as falling prey to a “phishing” email – a malicious email pretending to be a legitimate one in order to trick someone into handing over sensitive data. Currently such scam emails doing the rounds include some that are pretending to be informing the targeted person that they have been exposed to COVID-19, or invited to have the vaccine. They ask the recipient to clink on the link, which then tries to download malware onto his or her computer.
For this reason, both advise that it is essential that businesses give staff proper cyber-security training.
“Firms should be providing training to help their employees understand the threats they face,” says Grubb.
More than anything, both staff and their bosses need to do their bit. For example, that employees should avoid talking about work on social media, while firms should give shredders to home workers who need to print things out.
With even the most cyber-security aware home workers just one click away from making a mistake, firms need policies in place so that staff know who to immediately report a threat to.
Tsedal Neeley, a professor of business administration from Harvard Business School who is an expert on remote working, agreed that home workers should know exactly who to report cyber-security problems to. “Engaging with their firm’s IT/cyber-security experts is crucial,” she said.
Freelanews is a potpourri of news, entertainment, business, events and photos. This is no fake news.
