Unfortunately, COVID-19 is here to stay for a few more months in many countries. As more companies request their employees to work from home and avoid meeting other people, people are getting used to spending a longer time on their computers to interact with others.
Since remote working became the ‘new normal’ in society, there has been an increasing number of cybersecurity threats all around the world. For example, in the United States, there has been a series of ransomware attacks against the government’s healthcare systems. Also, a survey conducted by Check Point Research last year showed that 71 per cent of security professionals noticed more security threats and attacks compared to the beginning of COVID-19 spread.
These potential breaches in data protection and privacy are a huge challenge to companies that have most of their employees working remotely. A World Economic Forum’s report finds that roughly half of the companies from their survey chose ‘information security’ as the top priority out of all technical objectives in 2021.
Despite the increasing potential threats to data protection and growing worries of employers, some people’s attitude towards cybersecurity did not change much from the pre-COVID-19 era.
Jisu Um, a freelance illustrator and animator based in Seoul, says she does not have any software or programmes installed on her computer to keep her data safe.
“I do spend more time on the computer than before, but this led me to invest in something else than the data protection,” Um said. “Last year, I spent more money on hardware, for example, RAMs or monitors with higher definition, because I wanted to work with a better computer from home. I didn’t install any safety check-up or firewall programmes to protect my data because I didn’t do that before COVID-19, either.”
On the other hand, some started to show extra caution about keeping their data and privacy safe since the COVID-19 outbreak.
Subin Heo, CEO of a media start-up KOMMON, says that she recently started to close her windows or notifications on the computer before video meetings to prevent her colleagues from seeing anything private during the screen sharing.
“Sometimes notifications that include your private information may pop up [on your window],” Heo said. “I try to close them before video calls, especially when I’m sharing my screen with my colleagues.”
For those who would like to go the extra mile to keep their data and privacy safe, some government organizations are releasing guidelines on cybersecurity at remote workplaces. Korea Internet and Security Agency (KISA), a government agency operating under South Korea’s Ministry of Science and ICT, is one of them. Last June, the agency released a 22-pages long guideline to ensure the cybersecurity of people working from home.
Read 4i-mag’s full interview with Lee Jae-Kwang, general researcher at Korea Internet Security Centre with KISA, to find out practical tips and recommendations to keep your data safe while working, even at home.
Q. Tell us more about KISA. What does the agency do?
“KISA is a government agency specialising in data protection and digitalised programmes and devices in South Korea. We try to promote the advancement and safe use of the internet within the country.
The agency also develops measures against cybersecurity threats; promotes data protection businesses; maintains the .kr country code top-level domain; resolves complaints on illegal spam messages or emails; and supports emerging intelligence communication technology businesses, such as blockchain, fin-tech.”
Q. Are any of KISA’s employees working from home at the moment as well?
“KISA also started to ask employees to work remotely by turns to prevent the spread of COVID-19, since March 2020. Based on South Korea’s social distancing rules, from 30 to 50 per cent of each team are working remotely at the moment.”
Q. What kind of cybersecurity challenges may emerge at remote workspaces?
“Personal devices used at homes — such as personal computers, laptops and mobile devices — often do not have or have weaker security management programs installed than the devices provided by companies. These personal devices can be exposed to malignant code and virus.
If employees use virus-infiltrated devices for their work, hackers can get through networks of companies and steal some private, classified data and information.
Also, employees who are working at public spaces, instead of secured places like their offices, may unintentionally expose their work data [to other people] during the work hours. They also can lose essential equipment, such as a portable drive, at those spaces.
Q. Tell us more about the guideline on keeping non-tact workplace safe, released by KISA last year.
“Many organisations in South Korea started to adopt the remote working system, as the cases of mass infection dramatically increased in February 2020.
During our research on how some intelligence technology companies are dealing with the remote working, we discovered that many were feeling confused and struggling with a variety of problems due to a sudden transition of the workplace. These problems included the lack of resources needed to work from homes, such as devices and licenses for security software, the stability of internet connection at each employee’s home, and unforeseen disturbances happening at homes.
In fact, many of those problems occurred from lack of experience in working remotely. Furthermore, there had been an increase in cybersecurity attacks around then, such as malicious emails that contain false information on COVID-19.
So, KISA decided to make a detailed cybersecurity guideline that individuals, corporates, external agencies working from home can refer to.”
Q. What does KISA’s guideline say?
“Keeping your remote workplace safe does not require some special, extraordinary tasks.
Some of the points from our guideline are what everyone would have heard of at least once. For example, installing computer vaccines for virus and malware and updating them; not opening attached files of malicious emails; and using complicated, secure passwords.
Still, I think diligently following KISA’s guideline, which consists of common, ordinary tips, is the best way to keep your remote workplace and your company safe from increasing cyberattacks.”
Q. What other cybersecurity tips can you give for those working remotely?
“Here are some extra tips I can give:
Digital printer: Make sure the printer is not connected directly to the local internet network. Use a private internet protocol address and inactivate services that you don’t use, such as File Transfer Protocol (FTP), Universal Plug and Play (UPnP) and Simple Network Management Protocol (SNMP). Also, change the administrator’s password regularly. Check the updates for firmware and delete saved documents in the printer once in a while.
Wireless router: Make an administrator’s password longer than eight characters, including capital and small letters, numbers and special characters, and change it often. Check the settings for wireless network regularly, too. Updating your wireless router’s firmware is also a must, and check what devices are connected to the router.
Internet Protocol (IP) Camera: Change the administrator’s password regularly and check if you have left the guest mode off. Try to find more security measures for devices connected to IP Camera and make sure you turn off the camera after usage.
Bluetooth: Turn the Bluetooth switch off when you are not using any Bluetooth devices. Disconnect, unpair devices that you do not use anymore. Using the internet of things (IoT) device that has received a certificate of security is a good tip, too.”
Q. Why is cybersecurity so important to us now?
“COVID-19 brought many changes to our lives. As many of our services in society became non-tact and digitalised, everything centres around the internet now. Various threats regarding cybersecurity have continued since then, which make the issue of data protection more important than ever. Therefore, it is important to keep the tips I mentioned earlier at your workplaces to protect your data by yourself.”