Remote work spawns security concerns

Opinion

Hey there, time traveller!
This article was published 09/04/2020 (1992 days ago), so information in it may no longer be current.

It’s something no government at any level has ever had to face: working remotely en masse in the age of pandemic and the Internet. But here we are: COVID-19 has resulted in workers at all levels being sent to work from home with laptops or computers; meetings are being conducted over the phone and through teleconferencing services such as Zoom or Google Meet.

In this rush to continue working, should we be worried about our privacy? Just how safe is our personal information when data are being shared from home?

The shift to remote working caught most companies off-guard. In conversations I have had with my friends, I have heard about harried phone calls with staff members as attempts have been made to determine how working arrangements would play out. In one case, my friend’s entire desk, file drawers and officer computer were moved to her home so she could seamlessly continue to work.

However, she works in a small office, running communications. Others have told me about long hours, including weekend overtime, trying to plan for their employees while ironing out security details and updating software.

Generally, working from home becomes a problem when personal computers aren’t updated with the most recent software and security provisions, because workers risk exposing the entire system to phishing attacks and other issues. Cynet, a network-monitoring provider, conducted a study in Italy and determined there was a distinct spike in phishing attacks as a result of the increased number of people working remotely during that country’s pandemic outbreak.

As reported in IT World Canada, the report suggested “Remote workers have become a weak link that threat actors are targeting and that user credentials in offsite computing (home) environments are increasingly at risk — especially in regions with escalating cases of COVID-19. This spike is coupled by a similar increase in anomalous remote login attempts flagged by Cynet as malicious. Crossing the two trends indicates a clear inclination by criminal hackers to leverage the situation and maliciously log in to organizational resources.”

The conclusion is that remote login activities made for easy targets, particularly to cloud apps and services.

One of the recommendations for those working remotely is the use of cloud-based apps rather than sharing files and to ensure that any third-party cloud services are verified as secure. This way, confidential information and individuals’ computers remain secure.

Those who have been using Zoom to do teleconferencing have been advised of its privacy risks. The Washington Post accessed personal Zoom videos that included therapy sessions, training orientations for workers that showed people’s names and phone numbers, and meetings that included financial statements. Other personal videos included nudity.

“Zoombombing” attacks have also become a concern. It’s a form of cyber-harassment in which a Zoom conference is interrupted by pornographic or hateful images. Last week, Zoom founder Eric Yuan published a blog addressing the cyber-attacks; in it, he wrote that the company did not expect usage to grow as massively as it did in February after it announced plans to help during the COVID-19 crisis.

According to Yuan, “To put this growth in context, as of the end of December last year, the maximum number of daily meeting participants, both free and paid, conducted on Zoom was approximately 10 million. In March this year, we reached more than 200 million daily meeting participants, both free and paid.”

The company has now provided security updates and training to ensure those who use Zoom can operate in a safe environment, but it’s not clear how effective this has been.

Kevin Walby, an associate professor of criminal justice who’s also in charge of the Centre for Access to Information and Justice at the University of Winnipeg, says these are unprecedented times for everyone attempting to work from home. His suggestion for teleconferencing?

“Government agencies need to work with the companies supplying these communication platforms to ensure proper information encryption is achieved.” But, Walby admits, that’s likely not a high priority right now, given the dynamics of pandemic and the focus of on health care.

As a result, Walby says, when it comes to working on platforms such as Zoom, “the responsibility for privacy becomes downloaded onto every individual, so we must be careful about what information we are sharing on these platforms and how we are organizing these meetings. We just don’t know how the information might be collected, and for what purposes.”

COVID-19 has changed our routines in many ways, including how we work. It’s important that our personal information does not become another casualty.

Shannon Sampert is a retired political scientist who works as a media consultant with her company Media Diva.

shannon@mediadiva.ca

Twitter: @cdnmediadiva