Did you know that working from a coffeeshop could be one of the riskiest moves a remote employee can make?
Even though cyber criminals are using increasingly sophisticated technology, old-fashioned approaches like eavesdropping, taking a surreptitious photo of your sign-in screen, or just grabbing your device and running are still their go-to tactics.
And were you aware that since lockdowns began in 2020, there has been a 75 percent rise in digital crimes each day – including a myriad of new phishing schemes?
“As remote working shifts from a temporary solution to a common practice, businesses need to rethink and revisit their cyber risks,” says cybersecurity CEO Jeff Norton in Insurance Journal. “Policies and protocols introduced when companies switched to remote working may have sufficed in the short-term, but questions now need to be asked as to whether these are fit for purpose for the long-term.”
Take the following test and see how much you know about the cyber-risks of remote working.
Stay on top of the latest developments in ethics and professionalism by being insured with Lawyers Mutual. Our email newsletter “Practice Reimagined” offers timely tips, pointers and valuable links to help you navigate the new normal.
Take This Cyber-Risk Test
Answer the following statements either True or False (quotes are from Jeff Norton’s article).
- The fact that we use our devices so much and are so comfortable with them makes it less likely that a problem will occur. Answer: “There’s an increased comfort level when it comes to personal phones, laptops and tablets,” writes Norton. “After all, they are devices we’ve chosen to purchase, use on a frequent basis, and can often come without the cumbersome security protocols inbuilt into many work devices. However, it’s the absence of these security protocols that makes them a cyber risk.”
- If an employee’s device is compromised, hackers may gain an open door to your network or data without IT even noticing. Answer: True
- Communal workspaces like coffee shops and hotels don’t pose great cyber risks. Answer: “If increasing numbers of employees decide to start setting up shop for the day in public spaces, this could create a new set of risks. With open and unsecured networks, coffee shop and hotel public networks are hot spots for hackers. Criminals are able to exploit the unsecured and unencrypted nature of these networks to access sensitive and confidential data.”
- It’s important to educate your staff on the increased risks of public networks. Answer: True
- Everyone should receive exactly the same training. Answer: False. “While all employees should participate in regular cyber-security training, this should go hand in hand with specific training tailored to the needs of individual teams and departments as different areas of the workforce will be subject to varying cyber risks,” according to Norton. “HR and finance for example sit on a wealth of personal employee data which is frequently the target of email phishing scams.”
- No employee should ever be allowed to use a personal device for firm business. Answer: “Rather than a blanket ban on personal devices, dummy terminals and secure apps can be installed enabling employees to access company data without compromising security,” according to Norton. “IT can also mandate employees install the latest software on their personal device to patch any bugs or software vulnerabilities that can be exploited by hackers.”
- Potential consequences of remote working include a weakening of corporate culture and a greater sense of isolation and detachment. Answer: True
- The fact that new employees are being onboarded without the usual in-person interactions increases your firm’s cyber risk. Answer: “How can new employees assess the credibility of emails supposedly sent from finance, IT or teams when the identity of many of these colleagues remain a mystery to new staff?”
- Not having a living, breathing co-worker nearby heightens the cyber-risk. Answer: “In the ‘old days’ of office working, employees could easily ask a colleague for a second pair of eyes on a suspicious email or link,” says Norton. “However, now employees are far more independent about trusting their own instincts, which will inevitably lead to some lapses in judgment.”
- The remote policies and protocols you instituted back in the spring are probably still fine now. Answer: “The transition to remote working was sharp and sudden, with many anticipating it lasting just a few weeks, perhaps months. However, as we settle into this new environment, now is the time for firms to revisit their cyber security protocols and consider whether any elements were forgotten.”
Jay Reeves is author of The Most Powerful Attorney in the World. He practiced law in North Carolina and South Carolina. Now he writes and speaks at CLEs, keynotes and in-firm presentations on lawyer professionalism and well-being. He runs Your Law Life LLC, which helps lawyers add purpose, profits and peace of mind to their practices. Contact firstname.lastname@example.org or 919-619-2441.