Cybersecurity in the Pandemic Panic - Remote Personnel Management & Collaboration

Remote work is becoming a new experience for many due to the current events that can be difficult for employers and employees to grasp. As more companies roll out mandatory remote work from home (WFH) in response to COVID-19, organizations need to consider what the new home office procedures are and the communication plan for remote personnel.

In Part 4 of our 4 part series, we will discuss:

  • How to manage remote teams and collaborate effectively
  • Communicating Remotely During COVID-19
  • Using remote communication to collaborate effectively

The Need for Increased Communication

Before COVID-19 most employees spent working days in close proximity of their manager. This made communication easy and almost effortless. Unfortunately, this is a luxury that is eliminated when employees WFH. As a result, managers must be more intentional and adamant about not only keeping employees in the loop but boosting their morale when needed. Employees need to know what is expected of them in spite of the changing work environment.

There are a variety of productivity platforms like Skype, MS Teams, Slack, and Zoom that coworkers can use to collaborate. These platforms all outshine email due to their video conference ability, as emails can be easily misconstrued. Additionally, these platforms guarantee a message is received when compared to emails that can be missed or lost in congested inboxes. It is also worth noting that the context of an email can be limited without facial expressions and thus, it can be confusing to decipher the significance of the message. These misinterpretations can create anxiety that can, in turn, become costly, affecting innovation, engagement, and productivity. Of course, spending a few extra minutes to confirm an email matches the sender’s intent can remove these limitations. This new reliance on in-text communication requires organizations to create new norms. These norms can be set at an individual level such as peoples’ preferred communication channel or a department level like preferred response time.

Despite being unable to meet face-to-face, alternatives like video communication are great alternatives. Many video platforms have features like screen sharing, annotating, and recording that can be more effective than an in-person meeting. Furthermore, being behind a screen can provide new opportunities for some employees as text-based communication places little importance on interpersonal skills and physical appearance. While live video conferences might sound pointless, they make a massive difference in verifying there is no ambiguity in what is being discussed. This is important because the delays associated with remote communication can distort the normal pace of a conversation. In which case, lacking an immediate response can contribute to employee confusion, frustration, or loss of productivity. Additionally, in an effort to be efficient, it is typical to use fewer words to communicate. However, such short handedness can waste a coworkers' time trying to interpret messages and is why messages need to be sent with clear objectives.


Watching out for Cybercriminals

It is clear that cybercriminals are using the pandemic to cash in on the new number of remote personnel. These skilled actors may also employ automated tools like Social Mapper or LinkedIn scraping tools to gain intelligence of employment titles, organizational structure, and even technologies that the company uses enabling the threat actor to increase a sense of legitimacy on their attack. The FBI has issued alerts on phishing campaigns specifically imitating healthcare organizations like the Center for Disease Control and the World Health Organization. These campaigns target remote workers in an undertaking to harvest personal information or gain access to company accounts. With this in mind, employers can get ahead of adversaries by using the alleviated commute time to fit in online phishing and security training.

Security training can be beneficial and particularly memorable during a time of heightened fear because COVID-19 has everybody on high alert. Furthermore, simulated phishing campaigns can aid in keeping employees’ minds engaged as well as enthusiastic to learn. Something like a reward system can incentivize employees to report phishing emails and subsequently reduce the click-through rate, or percentage of people who access a link. The training should be centered on helping employees successfully report potential phishes and not to criticize them. Conversely, it can also be used to reiterate channels for reporting events or suspicious behavior thus, enhance the overarching security posture of an organization.

Beyond employee security, organizations must also consider security protections and data privacy when utilizing public or cloud-based platform to communicate. Many conferencing services are known for tracking attendees, selling user data, leaking email addresses, and giving information to legal authorities. Additionally, issues like “Zoombombing” are increasingly exploited. Zoombombing is when an unauthorized individual takes advantage of a screen sharing session to broadcast explicit material for their amusement or cause interferences. Due to the newness with using webinar platforms, organizations should investigate platforms’ data privacy standards as well as create guides on how to enable security features like password protecting conferences or limiting screen sharing capabilities.


Prolonged Isolation

For many employees, the new WFH setup will be the first time they have ever remotely operated.  As a result, staying on task in a new environment could be challenging. Isolation can certainly introduce loneliness and when people are lonely they tend to feel less motivated and productive. Last year Buffer, an online brand development agency, conducted a study of 2,500 remote personnel and found that loneliness was the second-most reported challenge, behind unplugging after work. Something like a mindfulness meditation webinar during lunch could greatly reduce the negative feelings that arise from isolation.    

At the time of writing this article, no evidence has been released for how long the WFH normalcy will last. Regardless, remote work should no longer be viewed as a temporary trend, but as something that is here to stay. Therefore, it is certainly worth investing in an ad hoc home office. So rather than “working” in front of the TV or lying in bed with a laptop, employees are better equipped to complete their duties. Moreover, having a dedicated work area can signal to other individuals living with an employee that they “are at work.” This boundary creation enables employees to concentrate more, yet also enjoy the benefits of reduced commuting and coworker interruptions. It can also prevent other household members from using a work-issued device. Even though there might not be any mal-intent in a family member using an employee’s computer to browse the internet, this unlocks the potential for an attacker to entice a user to click on links or install malicious applications.

Make no mistake, WFH can be incredibly stressful. Furthermore, reading negative headlines in an attempt to stay informed and stocking up on necessities can put work on the back burner. The more effort organizations put into communication the better chance they have at avoiding employees’ feelings such as depression. Moreover, constant communication can make personnel aware that they are not forgotten and hence, keep the spirits high enabling them to effectively WFH as they are tossed into the unanticipated work environment. 

Silent Sector knows the immense pressure organizations are under to sustain normal business operations throughout the pandemic. Contact us today to learn how we can assist you in communication policy development and cybersecurity consulting as you transition to a long-term remote workforce. 

About the Author

Written by Haidon Storro

Cybersecurity Research & Content Manager, Silent Sector -- Haidon Storro is a Cyber Security Analyst for CVS Health. She has her BS in IT Cyber Security as well as security certifications like CompTIA Security+ and ISC2. While Haidon is newer to the security community, she has dedicated herself to learning as much as she can through internships, online courses, and conventions like DefCon. In her free time, she enjoys reading about new advancements in technology, going to security meetups and participating in cyber defense competitions. One of Haidon’s goals is to make the connected world safer by bridging the human aspect with technology.