Working from Home (WFH) – the new privacy frontier!

Arguably, one of the most profound effects of the COVID-19 pandemic has been the accelerated shift from the office to working from home (WFH).

The overall trend towards remote working has been well documented, but the COVID-19 pandemic has created the ‘new sub-normal’ for millions and is likely to remain with us well after the global economy has emerged from the deep freeze.

At the same time, neuroscientists have been able to observe the effects of WFH on a global scale that had not been possible pre-COVID.

For example, a report by the NeuroLeadership Institute (NLI) observed that overall trends in remote working have been steadily growing over the past decade. But the seismic shift in WFH, created by the COVID-19 pandemic, had not come easily to all workers: around 50 percent reported increased anxiety levels from one week to the next.

The reason for this was that having access to information allows us to manage our expectations and gain a sense of predictability over what comes next. When we experience an information deficit, exacerbated by WFH, this often generates a strong internal threat response within us and in turn creates a new kind of paranoia, explains the report’s authors:

When we are anxious, our need (perceived or real) to survive takes over. We start thinking and acting in our own self interest and we no longer work as hard to consider others’ points of view. This makes collaboration even more difficult. […] Why? Because we’re social animals. We have an innate need to belong to groups that can offer us safety, shelter and acceptance. We need all three in order to thrive. Physical isolation threatens this basic need. Without it, we find it hard to regulate our emotions and our fight and flight response is triggered more easily., adding layers of complexity to projects and additional risks to delivery.

WFH creates the ideal conditions for the threats to privacy, with alarming consequences. According to the UK’s National Cyber Security Centre (NCSC) and the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), an increasing number of malicious cyber actors are exploiting the current COVID-19 pandemic by preying on those WFH.

The surge in WFH has increased the use of potentially vulnerable services, such as Virtual Private Networks (VPNs), amplifying the threat to individuals and organisations. The net result of this is that personal data has a broader physical footprint and organisations have less control over how it is being accessed if workers are outside the safety of the company perimeter. Whereas previously smaller organisations, that were less stringently protected, were able to fly under the radar and avoid cyber-attacks, this is no longer the case. Advanced persistent threat (APT) groups and cyber criminals are targeting individuals, small and medium businesses and large organisations with COVID-19 related scams and phishing emails on an industrial scale.

An Interpol assessment of the impact of COVID-19 on cybercrime last year showed that cybercriminals were developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID- 19.

The increased online dependency for people around the world, is also creating new opportunities, with many businesses and individuals not ensuring their cyber defences are up to date. The report’s findings again underline the need for closer public-private sector cooperation if we are to effectively tackle the threat COVID-19 also poses to our cyber health.

As the COVID-19 vaccine starts to get rolled out across countries, there is likely to be an increase in phishing attacks related to medical products as well as network intrusion and cyberattacks to steal sensitive personal data.

Interpol warns that these threat actors have revised their usual online scams and phishing schemes and by deploying COVID-19 themed phishing emails, often impersonating government and health authorities, they entice victims into providing their personal data and downloading malicious content.

WFH is the new privacy frontier that can catch out data protection professionals by surprise. With the tables turned, it probably makes sense to maintain a good security posture at home, which is perhaps now even more important than keeping up our guard at work.

Cyber risk does not stop when we leave the office, and head home, and nor does it cease when we close the door to our home office.

Ardi Kolah BA (Hons), LL.M, MBCS, CIPP/E, CIPM, FIP, FRSA

Doctorate Researcher, Queen’s University Belfast

Founding Editor-in-Chief, Journal of Data Protection & Privacy

March 2021

Leave a reply