I Love Smart Working
by blue_elk934
"Raise your hand if you want remote working to last forever."
This question could be asked to pedestrians paying attention to their smartphones or in a post where an elaborate answer is replaced by a heart, a bulb, or a clap.
In 2020, I read a LinkedIn post that listed all the advantages of remote working. In 2020, China COVID-19 severely affected Italy and, for this reason, one of the first measures enacted was the massive implementation of smart working. It is not surprising that most people happily approved of this decision.
Together with the numerous advantages of smart working, it must also be considered that the pandemic was a tempting opportunity for some bad guys. I want to imagine these guys as if they were in a restaurant. I'll give an example:
Starter: Understanding the victim's network infrastructure.
Main Course: Entering the victim's network infrastructure through a phishing email sent to an employee.
Second Dish: Once inside the victim's network, launching an SQL injection to disclose the employee's ID.
Side: Finding out the managers' emails, telephone numbers, and those of other important people.
What about the dessert? There you go: a ransomware that could knock out the enterprise!
My example may seem funny to most people, but unfortunately it is a true story. In 2020, information technology attacks increased by 12 percent. In particular, there were attacks with "high" and "critical" impact.
Within this alarming percentage, many attacks were caused precisely by:
- The use of personal and non-corporate devices (laptops, smartphones, etc., the so-called BYOD - Bring Your Own Device).
- Naive employees attracted by phishing emails who downloaded dangerous attachments or entered company login credentials.
- The inadequate security of home routers, which played a fundamental role (for example, routers with WPS enabled or still using WEP encryption).
- Employees exchanging emails containing TOP SECRET data without using email encryption plugins.
Some people may think that this situation was due to the naivety of the employees. However, the companies should have invested more into areas concerning security.
I came up with some ideas:
- First of all, it is important to give companies the opportunity to invest (with tax advantages) in security in order to train employees and enable them to protect themselves from these cyber threats. If companies do not have enough resources to invest, the government should intervene through state contributions.
- Have employees use only company devices, avoiding the so-called BYOD.
- Also involve schools in the training process, because students are more technologically literate than their parents (the employees). It could be an opportunity for discussion, dialogue, and greater awareness of cyber threats.
- Employees should be able to report security issues quickly and easily - every minute counts!
- Use an Intrusion Detection System (IDS) that monitors the behavior of the corporate network.
- Also, simulated calls to employees (social engineering) and ad hoc phishing emails would be useful to understand the degree of "naivety" of employees.
If smart working is the method of working in the future, we need to intervene immediately with awareness and tenacity!
After these years of the pandemic, I think the time has come for the so-called renaissance of cybersecurity to occur in the world.
This is a great opportunity for a profound dialogue on this issue, one that can lead to greater collaboration between computer experts while avoiding vanity and popularity: the kind of popularity that exists just because you have a resume full of semi-serious computer certifications and 5000 connections on LinkedIn!