Security blogs

Psychological and Security issues when working from home

Have you ever wondered what are the psychological risks and cyber security impacts are, that we encounter when our staff are asked to work at home?

Upending the way people work can take its toll on staff psychologically, notwithstanding during an unprecedented crisis like the current pandemic. Working from home can be quite a challenge.

Working from home can require considerable self-control. Whereas our “normal” work environments in offices, factories, and shops they are set up to effectively ensure that you engage in work, for many employees, home environments are not.

When you are working from home you are challenged with adapting to new technologies, changing forms of communication, resisting distractions from family members, pets, or mundane household activities, or keeping up motivation when the sun is shining outside.

Both employees and managers should be proactive in communicating about performance expectations and any difficulties that arise. If you’re having trouble executing tasks because of the new work arrangement — for instance, due to a poor internet connection or mobile phone signal — let your manager know.

Psychologists also recommend creating a plan for the frequency and mode of communication between colleagues.

One of the most often overlooked aspects for managers is that they do not work out specific arrangements for when and how communication will continue to flow.

If you’re sharing information, reports or analyses, email may be the best way to correspond. But if you’re working with a team to make sense of complex shared information, schedule a phone call or video conference to discuss. Using synchronous media will likely be faster and less prone to misinterpretation.

The “water cooler” discussions that occur every day in the office are often venues for conversing with colleagues on work and social topics. These venues allow staff to discuss ideas, frustrations, and release workday stresses. The lack of this facility prevents staff from sharing this experience and subsequently increases stress with staff.

When working remotely, staff tend to experience social and professional isolation compared with employees who work in a company office. Those feelings of loneliness will likely be worse now, as “social distancing” measures cut workers off from their in-person social support systems outside of work as well.

Staying connected to other co-workers, managers and customers is paramount to successful remote working. While it might be tempting to think of yourself as an island working from home, remote workers need to be provided a social and professional support system so that the social fabric that occurs in the corporate workplace is replicated as much as possible when working remotely.

Managers might provide opportunities for informal conversation during phone or video conferences so employees can continue to build healthy and supportive co-worker relationships. A company may also create a designated online messaging space for coronavirus-related and other chatter, including news and office updates, personal stories and requests for supplies or guidance.

While the simple act of leaving the office after work immediately helps facilitate work detachment, this clearly becomes much more difficult when working from home. So, it is vitally important to actively manage the boundaries between work and non-work time to allow for that kind of detachment.

We all need to be cognisant of the impacts upon staff moral whilst working remotely. what is needed is to Provide staff with the tools and support to openly discuss their thoughts feely daily with their colleagues and management.

Allow staff to collaborate on teleconferencing facilities to home non-work-related open discussions.

Here are some tips on how to enhance mental health and well-being when working from home:

  1. Set up a dedicated workspace, which should be as free from distractions as possible. Studies show that working from home can interfere with sleep, especially for people who find it difficult to switch off from work. Avoid working in your bedroom if possible. It will then become associated with being alert, awake and switched on.
  2. Develop a schedule, which includes phases of focused work as well as breaks. Try a digital detox in the evenings to help you switch off from work. Spend quality time with your family and friends or do some things that you want to do.
  3. Set a routine as if you are going into the office, with a regular start time, and finish time, and a structure for your day, with breaks and exercise scheduled in. This will help you maintain a strong boundary between work and home life, minimise the possibility of work intruding into your family time, and help you switch off from work at the end of the day. Creating cues, such as getting changed into your work clothes at the start of the day, and out at the end, can help with this. If possible, divide and share times dedicated to family and pet care.
  4. Organise your email communication and reserve dedicated times for responding to emails.
  5. Set up dedicated times for work and leisure – and stick to these times.
  6. Refrain from setting impromptu goals (such as, “I will stop working once I finish this task”) as deadlines for finishing work.
  7. If possible, work in a different room than the one you spend your leisure time in. Particularly avoid working in your bedroom as it may remind you of work-related issues, preventing detachment when you go to sleep. (If you don’t have the option of a different room, then try to tidy away everything that may remind you of work.)
  8. Refrain from all forms of work-related communication during non-work time.
  9. Engage in absorbing activities, which capture your full attention after work. Good examples include exercise, cooking, mindfulness meditation, or focused playing with your children or pets. Try and get outside at least once a day. If you’re not stuck in self-isolation, try to get outside at least once a day. Go for a walk, get some fresh air, and sunshine. If you are in isolation, go out to your garden or walk up and down your driveway or go out onto your balcony and enjoy fresh air.
  10. Set up time to chat with work colleagues about social topics, allowing for some potential work-related discussions with your colleagues. It may sound weird, but you may need to schedule non work-related discussions with your colleagues.

In an office environment, staff typically check in with each other if something looks off,  or they are unsure, like a potential phishing email, but unfortunately while we work remotely, we are alone and have no one else to help us.

What’s more, we feel safe at home and may therefore be less disciplined or vigilant to cyber-attacks.

The potential security risks increase during these times, notwithstanding, the psychological stress that can be placed upon staff, expecting them to be vigilant whilst working alone.

Analysis by researchers at Tessian reveals that 52% of employees believe they can get away with riskier behaviour when working from home, such as sharing confidential files via email instead of more trusted mechanisms. some of the top reasons employees aren’t completely following the same safe data practices as usual include working from their own device, rather than a company issued one, as well as feeling as if they can take additional risks because they’re not being watched by IT and security.

In some cases, employees aren’t purposefully ignoring security practices, but distractions while working from home, such as family, room-mates, pets and not having a desk set-up like they would at the office which are having an impact on how people operate.

Meanwhile, some employees say they’re being forced to cut security corners because they’re under pressure to get work done quickly.

Half of those surveyed said they’ve had to find workarounds for security policies in order to efficiently do the work they’re required to do, suggesting that in some cases, security policies are too much of a barrier for employees working from home to adapt to.

However, by adopting workarounds employees could be putting their organisation at risk from cyberattacks, especially as hackers increasingly turn their attention to remote workers.

But all it takes is one misdirected email, incorrectly stored data file, or weak password, before a business faces a severe data breach that results in the wrath of regulations and financial turmoil.

Cyber security tips

Here are nine things you can do in your new working environment to protect your work and your household’s cyber security. (courtesy ACSC)

1.      Beware of scams

Cybercriminals see a crisis as an opportunity. Major change brings disruption, and businesses transitioning to working from home arrangements can be an attractive target.

Be aware that the COVID-19 pandemic will be used by cybercriminals to try to scam people out of their money, data and to gain access to systems. While working from home you should:

  • Exercise critical thinking and vigilance when you receive phone calls, messages, and emails.
  • Exercise caution in opening messages, attachments, or clicking on links from unknown senders.
  • Be wary of any requests for personal details, passwords, or bank details, particularly if the message conveys a sense of urgency.
  • If in any doubt of the communicator’s identity, delay any immediate action. Re-establish communication later using contact methods that you have sourced yourself.

For more ACSC information on how to identify and protect yourself from scams see:

2.      Use strong and unique passphrases

Passwords are passé! Strong passphrases are your first line of defence. Enable a strong and unique passphrase on portable devices such as laptops, mobile phones, and tablets.

Use a different passphrase for each website and app, particularly those that store your credit card details or personal information. To use the same username (such as an email address) and passphrase for multiple accounts means that if one is compromised, they are all at risk.

For more ACSC information, see ‘Passphrases’ in the:

3.      Implement multi-factor authentication

Multi-factor authentication is one of the most effective controls you can implement to prevent unauthorised access to computers, applications, and online services. Using multiple layers of authentication makes it much harder to access your systems. Criminals might manage to steal one type of proof of identity (for example, your PIN) but it is very difficult to steal the correct combination of several proofs for any given account.

Multi-factor authentication can use a combination of:

  • something the user knows (a passphrase, PIN, or an answer to a secret question)
  • something the user physically possesses (such as a card, token, or security key)
  • something the user inherently possesses (such as a fingerprint or retina pattern).

If your device supports biometric identification (such as a fingerprint scan) it provides an additional level of security, as well as a convenient way to unlock the device after you have logged in with your passphrase.

For more ACSC information on how to implement multi-factor authentication for specific services, see:

4.      Update your software and operating systems

It is important to allow automatic updates on your devices and systems like your computers, laptops, tablets, and mobile phones. Often, software updates (for operating systems and applications, for example) are developed to address security issues. Updates also often include new security features that protect your data and device.

For more ACSC information on updating operating systems and software, see:

5.      Use a Virtual Private Network (VPN)

Virtual Private Network (VPN) connections are a popular method to connect portable devices to a work network. VPNs secure your web browsing and remote network access.

Sometimes organisations specify that you use a VPN on work devices. If this is the case, you should familiarise yourself with your organisation’s VPN requirements, policies, and procedures.

For more information on VPNs see advice from the Canadian Centre for Cyber Security:

6.      Use trusted Wi-Fi

Using free wireless internet may be tempting; it can also put your information at risk. Free Wi-Fi by its very nature is insecure and can expose your browsing activity to cybercriminals. Cybercriminals have also been known to set up rogue Wi-Fi hotspots with names that look legitimate and can intercept communications, steal your banking credentials, account passwords, and other valuable information.

Use trusted connections when working from home, such as your home internet or mobile internet service from your telecommunications provider.

For more ACSC information on the steps you can take to secure your Wi-Fi, see:

7.      Secure your devices when not in use

It’s much easier to access your information if other people have access to your devices. Do not leave your device unattended and lock your computer when not in use, even if it’s only for a short period of time.

You should also carefully consider who has access to your devices. Don’t lend laptops to children or other members of the household using your work profile or account. They could unintentionally share or delete important information or introduce malicious software to your device.

If you do share your computers or devices with family or your household, have separate profiles so that each person logs in with a unique username and passphrase.

For more ACSC information on good cyber security behaviours, see:

8.      Avoid using portable storage devices

When transporting work from the office or shop to home, portable storage devices like USB drives and cards are easily misplaced and, if access isn’t properly controlled, can harm your computer systems with malware.

If possible, transfer files in more secure ways, such as your organisation’s cloud storage or collaboration solutions. When using USBs and external drives, make sure they are protected with encryption and passphrases.

For more ACSC information on portable storage cyber security, see:

9.      Use trusted sources for information

Cybercriminals and other malicious actors use popular and trending topics such as COVID-19 to spread disinformation or scam people. Impersonating, cloning, or creating websites to look genuine is one way to do this (see ‘Beware of scams’ above). Producing and sharing false information on social media is another.

Be sure to only use trusted and verified information from government and research institution’s websites. Think critically about the sources of information that you use and balance all evidence before believing what people share.

 

Ultimately, working from home can have some enormous benefits but it also comes with psychological challenges and security concerns.

 

At Layer 8 Security we have taken a pragmatic approach to assisting our staff in their journeys whilst working remotely. For further information, contact us on information@layer8security.com.au

 

 

 

 

 

 

You may also like
Can you Hack IT?
Why Security Awareness Does Not Work and What to Do Instead 
Security Awareness Training is ineffective!
Get the budget you need, not the one you deserve.

Leave a Reply

three × 4 =