Ah finally, we have some nice weather here in the Chicago area. For the last five days, it has been nothing but rain and cloud, and absolutely no sunlight whatsoever. But today, it feels like summer again.
With the dawn of a new beginning (LOL) many people and businesses are still fighting the issues of COVID19. But there is another group of people that is greatly impacted by this, and which does not get as much attention in the media as everybody else: the newly minted college graduates, and their efforts to find a job.
Of course as we all know, interviewing is much different now than it was just a year ago. Now, most of the interviews are taking place via video conferencing, phone call and even by Email.
Now, the newbie on the job market does not even have to visit, for the most part, a traditional brick and mortar office. If they fit the bill, an offer letter is sent out, and once that has been signed off, he or she will more than likely be sent a work laptop.
Then starts the onboarding process, training, etc. But to the newbie in the job market, there are still some things that they will not be aware of, especially when it comes to WFH. These are as follows:
*They will not be used to working in a rather isolated environment. This means there will be no structure in their daily routines, as they will be surrounded by a plethora of issues, such as family, kids, etc. Because of this, he or she will be much more prone to becoming a victim of Phishing or Social Engineering attacks. One of the primary reasons for this is that they will be new on the job, and for lack of a better term, will want to impress their boss as much as possible. In this haste to get their daily job tasks done, security will be far from their minds. Put in simpler terms, they will not think twice before clicking on a link or downloading an attachment.
*The newbies of today are a lot more in tune with and tethered to technological devices than the older crowd, which includes people like me. Because of this, the chances are a heck of a lot higher that they will use their own personal devices to conduct their daily job tasks, even if they have a company issued device. The perfect example of this is the Smartphone. Because they will know the ins and outs of their own phone much better, he or she will feel a lot more comfortable using that than a different one. With this also comes the risk of what is known as “Shadow IT”. This is where an employee, whether they are working remotely or not, will tend to use and even download the software applications that they are most comfortable with, versus using the ones that have been authorized for use by the IT Security team of their employer. Of course, this brings its own entire plate of security risks, because more than likely, their personal device will not have the most updated security features installed onto it, or even the latest software patches and upgrades. To make things even worse, there will be no Encryption mechanisms deployed, so this will make mission critical data and information much more susceptible to interception by a malicious third party, such as the Cyberattacker.
*There will be an increased usage of unsecured Wi-Fi network connections. Yes, many places have opened up to a certain degree, and staying at home for days and weeks on end can certainly take its toll on anybody. Thus, the newbie will of course want to flee their comfortable surroundings, even if it is just for a few hours, in order to get their work done. With this, the tendency to use the local Wi-Fi hotspot will increase dramatically, such as those that you find at Starbucks or Panera Bread. Yes, these are rather solid Internet based connections, but they have one huge problem: They are not encrypted, so anything is visible to the outside world, and the password is publicly available. In the excitement of being in a different kind of environment in order to get their work done, more than likely, the newbie will tend to forget to log into the VPN, use their complex password, etc. Rather, the tendency will be to default back to what they have normally used before. Also, as more people start to gather at public places, there will of course also be the excitement of becoming a social creature again. The newbie will want to make conversation with their neighbors at the local café, but once again, this can pose yet another strong security concern: A Cyberattacker could very well be sitting in the café as well, eavesdropping on the conversation, and with a data sniffer that is covertly hidden, even pick up the data packets that are being transmitted between the wireless device and the public Wi-Fi hotspot. This is actually yet another form of Social Engineering.
*There is now the meshing of home-based networks and the corporate networks. This simply means that rather than using the company connections to log in from their laptop, the newbie will be logging in directly from their home network. Of course, this is an issue that is literally impacting all remote workers. The IT Security teams across Corporate America are now scrambling to see how they can make this meshing of the networks much more secure, especially from the standpoint of deploying the needed software upgrades and patches. But there is another new problem that is also fast arising: The VPN. This has been the traditional tool used to secure the network lines of communications for the remote worker. But this too is being stretched to its limits, because it was not designed to handle a near 99% remote workforce capacity on a global level. Because of this, many businesses are now turning to what is known as the “Next Generation Firewall”, which has a much more sophisticated VPN included in it.
My Thoughts On This
Ultimately in the end, COVID19 will always be with us, at least from a biological standpoint. The Cyber impacts of it may plateau after some time, but keep in mind that much newer threat variants will come from them. One of the key tools that you have in your arsenal is that of employee training.
It is very important to keep in mind that this is not just a one and done deal; it is a continual, ongoing process over a long timespan.
In this regard, Cybersecurity training should start from day one when you bring on a new hire. You really need to stress the importance of how to look out for Phishing Emails, why they should not use their personal device to conduct work related matters, how not to fall for Social Engineering attacks, and not to use public Wi-Fi hotspots for sending out work related information and data.
There are many ways in which you can leverage a training program, but one common denominator is to keep it simple, interesting, and engaging so that your newbie employee will remember and make use of what they have learned.
From a technological perspective, there are tons of tips on how to secure your remote workers. A simple Google search will reveal all of that for you. But equally important, you should also make use of both Artificial Intelligence (AI) and Machine Learning (ML) tools. They can capture malicious and anomalous sorts of behavior, so that you can kill off any potential threats right at the bud. This will also help to mitigate the risk of lateral movement on the part of the Cyberattacker in case your lines of defense are breached.