It has been just over a year since our whole office was asked to work from home in response to the looming pandemic.
As you can imagine, going from a 5 day week in the office to suddenly working on a fold-out Bunnings table in an empty room was not a change I was expecting, let alone prepared for. To make things even more challenging, I had just moved into a new house that same week; suddenly I had to deal with problems I did not think were problems at the time.
You never realise just how much of a difference the little things make to your productivity. Things like a stable internet connection, a monitor that won’t make me hunch over my laptop, a chair that can provide more support than my trusty fold-out picnic chair, there was an endless list of stuff that I needed to line up if I was going to be resilient and carry on working from home for the unforeseeable future.
Fast forward to today, I am pleased to tell you all that I have adjusted well and am now comfortably working from home. Not needing to commute to work means I have more time to focus and complete my tasks, and has been great for my work-life balance. I can now focus on the other aspects of my life, exercise and sleep being the big two.
But it wasn’t all smooth sailing. I think I speak for many others out there when I say enforcing boundaries is hard; keeping to scheduled 'work time’ and ‘me time’ was (and still is) a struggle. It was during the blurring of these lines, work time and ‘me time’, where I started to look back on my previous articles focusing on cyber security awareness training, and thought about how the WFH movement is going to impact cybersecurity. The old rules have been unceremoniously thrown out the window, and we all need to come up with a new cyber resilience game plan, fast.
Face-to-face interaction has given way to email interaction
One of the things I have missed most in the past year was having a conversation with someone face-to-face. Video calls are ok, they do the job as far as exchanging information goes, but we are missing out on a lot of non-verbal cues when communicating, and there is no doubt that face-to-face is better for building stronger working relationships.
Now, in an environment where you can’t just walk up to someone’s desk and ask a question, we’ve accepted that email is the default communication channel. But is it the safest? Fake, scammy emails are more widespread than we’d like to think. It’s important that staff be able to distinguish between a general request and a well-crafted impersonation attack.
That email from your ‘Head of HR’ asking for your details to update your profile in their HR system? Or what about the email from IT asking for your login credentials so they can ‘update’ your laptop? These emails and others like them are exactly the kind of tricks cybercriminals use to steal login info and sneak into your network.
We all should be trained to spot the key indicators that make up a phishing or impersonation style attack. What’s more, staff members should be encouraged to be proactive in verifying unusual requests or checking with others if they are unsure.
“Whereas beforehand individuals had the ability to check via other means when uncertain about something – e.g. a face-to-face conversation in the office – now there is certainly an argument that people have become so inclined to communicating via email that they don't realise to check with colleagues via other channels," - Kiri Addison, Head of Data Science for Threat Intelligence at Mimecast
Feel the burn(out)
For me, what marked the end of my workday was packing up my laptop and making that familiar walk towards Flinders Street station. It was more than just a walk to me; it was a physical cue that told me that I was done with the office and the rest of the day was for spending time with friends, family, or just to unwind.
Working from home for meant that there was no more 9-5, or 8-5, or whatever my office hours were. Evening meetings were suddenly more acceptable; I was at home anyway so it's not like they would affect my commute. I have been in situations where some of my work was due on very strict deadlines, and I thought nothing of putting in a little extra time to get it done. I could easily log on for a couple of hours that night and have a good crack at it since everything was already set up for me to work already.
Staying alert when it matters
Here’s a fun analogy for the cricket fans out there. You ever hear about fielders in the slip position focusing on every ball bowled, then switching their focus somewhere else in between bowls? This is a simple technique to help fielders take a mental break in between deliveries, so they can stay alert during the next delivery. Cricket matches can go on for as long as 5 days, so being able to maintain a deep level of focus over several days is no easy task.
Cyber awareness is a bit like that. It's just not possible for a person to stay constantly vigilant for any malicious emails that might come in. Fatigue sets in, distractions occur, and those distractions lead to more fatigue. People will be quick to tell you breaks are important, but will just as quickly forget to set hard rules for when to take breaks.
Are back-to-back video meetings considered okay because there is no need to travel? Video meetings can feel more tiring than in-person meetings, because you have to focus extra hard to pick up subtle behavioural cues from the participants.
Same goes with staff dealing with a daily flood of emails. To stay alert for malicious emails, you need to be diligent with planning your breaks and following through!
These are just a couple of thoughts I’ve had when reflecting about the past year. Hopefully those reading can relate to some of the struggles I’ve experienced. Stay alert, stay refreshed, and here’s to a better year in 2021, everyone!