Personal devices putting Singapore employers at risk

More office workers in Singapore are working remotely amid the Covid-19 coronavirus outbreak, but not everyone is using company-issued devices, raising the risk of falling prey to cyber attackers on the prowl for susceptible victims.

According to a study commissioned by CrowdStrike, nine in 10 respondents in Singapore are now working remotely more often or about the same as before, with almost three-quarters working remotely more often as a direct result of the pandemic.

In doing so, 70% of respondents are using personal devices, including laptops and mobile devices, to do their jobs, while 97% use a mix of company-issued and personal devices.

These respondents appear to be aware of the security risks arising from unpatched devices and insecure networks, with 56% believing their devices were only “somewhat secure” against advanced cyber threats.

A further 12% said the devices they were using to work from home were “not very secure” or “not secure at all”.

In many cases, the employers of the survey respondents had not provided extra training on the cyber security risks associated with working from home.

Those working for small businesses with one to 100 employees are at even greater risk, with 61% saying their employer had not given such training.

“Maintaining security in the face of this global office exodus presents significant risks for most organisations”

The study was conducted by YouGov on behalf of CrowdStrike between 14 and 26 April 2020, involving more than 4,000 senior decision-makers in Australia, France, Germany, the UK, India, Japan, the Netherlands, Singapore and the US.

Michael Sentonas, chief technology officer at CrowdStrike, said the cyber security firm was already hearing about the profound challenges of businesses that are supporting directives for employees to vacate offices and work from home.

“Maintaining security in the face of this global office exodus presents significant risks for most organisations,” said Sentonas.

To mitigate these risks, he advised organisations to review security policies, which need to include remote working access management, the use of personal devices, and data privacy considerations for employee access to documents and other information.

He added that personal devices needed to have the same level of security as a company-owned device, and that organisations should consider the privacy implications of personal devices connecting to a business network.

As home Wi-Fi networks may not have the same security controls used in traditional offices, Sentonas said organisations would need to put more focus on data privacy and hunt for intrusions from more entry points.

He also stressed the importance of instilling good cyber security practices among employees, with government agencies such as Singapore’s Cyber Security Agency (CSA) having already warned the public about coronavirus-related phishing attacks and scam campaigns.

In April 2020, the CSA sounded the alarm on calls from scammers impersonating CSA officials who claim to be investigating suspicious activities on their victims’ computer or network.

The victims are asked to install remote desktop access software on their computers. The scammers might also use the CSA logo when they carry out the remote installation and request for payments to resolve the issue.

“Continuous end-user education and communication are extremely important and should include ensuring that remote workers can contact IT quickly for advice. Organisations should also consider employing more stringent email security measures,” he said.