Diversity & Equality in Health and Care Open Access

The Increase in Security Breaches Through Remote Working

¹Department of Health Sciences, University of Maryland-College Park, United States
^*Correspondence: Syed Adnan Jawaid, Department of Health Sciences, University of Maryland-College Park, United States, Email:

Received: 29-Jun-2022, Manuscript No. IPDEHC-22-14209; Editor assigned: 01-Jul-2022, Pre QC No. IPDEHC-22-14209 (PQ); Reviewed: 15-Jul-2022, QC No. IPDEHC-22-14209; Revised: 20-Jul-2022, Manuscript No. IPDEHC-22-14209 (R); Published: 27-Jul-2022, DOI: 10.21767/2049-5471.19.7.35

Introduction

The following paper has been dealing with the issues that have been faced by people during the COVID-19 outbreak mainly due to the factor of data breaching. The paper discusses how data was compromised on Cloud, which is widely used by people worldwide to keep their work safe. Due to the increasing number of people using cloud storage and software as a service (SaaS), the need for more effective and efficient data handling has become more prevalent. This is also reflected in the increasing number of organizations using the cloud for various functions such as education, healthcare, and e-commerce. Due to the emergence of the COVID-19 pandemic, various cloud services have been affected. This has increased the risk of cyber threats and breaches. In addition to data breaches, other factors such as network breaches are also common targets for attackers. As a result, it is important that the security concerns of organizations are continuously reviewed [1].

A survey conducted by Verizon in March to June revealed that there were 474 data breaches reported globally. Most of these incidents were caused by hackers and thieves, with 80% of them happening in the form of brute force attacks and hacking. The number of confirmed data breaches also doubled from the previous survey [2]. The survey was conducted by 81 global contributors. In March, a similar survey was conducted by Microsoft. It revealed that the number of people using cloud services in Italy increased significantly following the lockdown [3].

The article further highlights the causes and the issues that are faced by people mainly due to working remotely, this included students studying online and impact on the companies as the employees were majorly working from home. The database of education institutions is a treasure chest of potential. It can be exploited by criminal groups to gain access to sensitive data, which is very valuable for their purposes. Schools and universities are also very vulnerable to attack because they store reams of data that are essential to society and the economy [4].

Reasons for Cyber Attacks

Without proper authorization and authentication, remote workstations can’t use enterprise resources for their intended purpose. This is typically the main reason why attackers use biometric methods to access corporate networks. The rapid emergence and evolution of cloud services has created a huge opportunity for both the private and public sectors. However, it is important to note that the increasing number of people using cloud services has led to a rise in the number of security vulnerabilities. This is because the lack of proper security policies can allow attackers to access the data stored in the cloud [5].

Techniques for Cyber Attack

One of the most common ways that attackers can access an organization’s cloud services is through a home network. This method allows them to connect to the company’s network without any privacy protocol. When connecting to an untrusted network, attackers can cause various types of attacks, such as IP spoofing and distributed denial of service (DDoS). Besides being able to access the data stored in the cloud, attackers can also perform various attacks on the system through a network connection.

Some of these include DNS hijacking, cache spoofing, and DNS snooping [6].

The lack of proper training and policies regarding the use of cloud services has made employees vulnerable to security breaches. Due to the lack of proper budget support for the implementation of security policies, the number of dedicated budget slots for remote working decreased during the fiscal year. One of the most common types of cyber-attacks that can be carried out during a health crisis is social engineering. This type of attack involves tricking people into divulging their sensitive information. Due to the nature of this attack, it can be used to take advantage of the remote working situation [7].

In recent days, there has been a rise in the number of severe phishing attacks, which are mainly caused by the sharing of sensitive information through social media platforms such as WhatsApp. This type of attack usually occurs when an attacker sends an email with a link that imitates an official email [8].

Another common type of cyber-attack that can be carried out is phishing, which involves tricking people into clicking on a link that is sent by a fake email. This type of attack usually involves making the victims fall for a fake authority. One of the main reasons why people use cloud services is to keep track of their hobby or passion. They are more likely to follow the latest trends in social media. With the help of cloud services, people can easily access various applications, such as music, video, and photos. One of the most common ways that attackers can access a person’s account is by sharing a window with the working platform [9].

Critical Analysis

The article highlights the different kinds of cyber-attacks that have been happening due to the increase in remote working. But the article does not majorly discuss how these problems can be solved. The cyber-attacks have been a major concern for every company having remote users, they know why they are being attacked and how they are attacked the issue is how to resolve such issues. Another thing that the article lacked was that even if people were not using the cloud or they were using something much safer the reasoning of those cyber-attacks. The preventions are given in the section 4 of the article which are quite limited and a reader would expect more of them to be briefly described in steps. Other than this the article was informative and well-versed while being referenced properly [10]. The few guidelines on how the prevention of cyber- attacks should be minimize were to have a strong password policy is required for all workstations and hosts to ensure that they are protected. Multi-authentication policies should also be implemented. The use of a shared file system such as Google Drive, Drop box, or even an email address is required for employees to communicate. However, it is not allowed to share files through social media or any other free email address. Also, make sure that all the files are back on the hard disk before sharing them. Before downloading a certain application, make sure that the source of the information is known. Also, keep in mind that the latest security patches are released every time. To prevent the spread of email spoofing attacks, use DMARC, SPF, and DKIM protocols [11].

Advantages of Technology

One of the many advantages of technology is that it allows people to work from home. Until recently, it had been relatively rare for people to experience this practice. In 2020, the COVID-19 pandemic forced many organizations to close their doors and send their staff home. This change was largely due to the emergence of the standard advice about home working. The rise of technology was also the driving force behind the changes [2].

The rise of the COVID-19 pandemic has changed the way people think about home working. This paper aims to provide a comprehensive analysis of the various factors that affected the way organizations and their staff members were prepared for the outbreak. Although home working is not a new concept, it is not always a priority when it comes to security [12]. In 2006, a study revealed that many people were not well-equipped to handle the various security threats that can affect their operations at home. This issue is now ten years later, and it is important to see if the situation has changed. In addition to being able to identify and implement effective safeguards, it is also important to consider if there are still adequate provisions in place when it comes to dealing with unexpected situations [13].

Although home working has been the norm for some workers, it has not been the case for a large portion of the workforce. For instance, on March 16, 2020, only 15% of the UK’s workforce was working from home. By April 13, this figure had doubled, and it is estimated that approximately 6.8 million employees were working at home during the peak of lockdown [14].

Hierarchical Preparation of Work Places

The review provides an overview of the extent to which organizations and their staff members were prepared for the unexpected emergence of home working and the subsequent cyber threats that were presented in parallel. While the discussion is focused on the UK, other regions are also likely to have similar issues. Due to the data collected by the authors, the overall picture is likely to be similar [15].

Findings of the CSBS 2020 survey revealed that businesses have a number of actions they can take to improve their cyber security. These actions are aligned with the recommendations of the National Cyber Security Center’s 10 Steps to Cyber Security. The 10 steps were established in 2012 to provide a comprehensive view of the various aspects of cyber security [16].

Around 12% of businesses have already taken action against all of the steps that were outlined in the 10 Step Plan. This figure varies depending on the size of the organization, with the small firms having fewer than 1 employee having fewer than 9% compliance, while the large companies with 250+ employees have 42% [17]

Companies of all sizes are expected to have the necessary resources and skills to perform at their best in the 10 steps of the security assessment. However, larger firms also have more complex needs when it comes to cyber security. This is why it is important that they do more to address these issues 2. Most small businesses do not need advanced monitoring tools or network security. The 10 steps provide a framework for addressing the various aspects of cyber security for all sizes of organizations. They help us identify which parts of an organization have invested in this area [18].

Results

The results of this survey suggest that many businesses do not take the necessary steps to educate their employees about the importance of mobile and home working. Only a quarter of the respondents said they have addressed these issues. The level of compliance with the 10 steps is more granular, considering the various aspects of security that are included in the survey. However, there is a notable drop off in the number of firms that are focused on the people centric aspects of security. This is consistent with the survey’s previous releases [19].

Despite the complexity of their cyber security needs, many small businesses do not need advanced monitoring and security tools. This is why we have created a comprehensive framework that aims to help small and medium sized enterprises identify their current state of cyber security and invest in the necessary resources to improve their operations [20].

The proportion of employees working in large companies has increased significantly over the past couple of years. It is now 42% in large firms with over 250 employees, and 9% in micro firms with less than a hundred workers. This suggests that larger firms have the necessary resources and skills to do better at certain steps [21].

The results of this study article suggested that although the prevalence of home and mobile working has remained relatively low in the UK, companies are still not overly concerned by these issues. This suggests that they have not learned the lessons of past experiences. Mobile working and home working were also not considered risky at this point [22].

There’s also indirect proof that businesses with home based cyber policies tend to have more charitable organizations than those who rely on external help. There’s also evidence to suggest that many of the lessons that have been learned in the past have not been implemented. For instance, according to a study conducted by CSBS 2020, the most common response to a cyber-attack is to provide additional staff training. However, this suggests that the support that is being provided is not being proactively maintained [1].

CSBS series findings have generally suggested a variety of schools of thought regarding cyber security among those in charge of the security department. Most of the time, those in charge of security think that end user awareness is very important. However, they also feel that they have a hard time convincing the management boards to support their efforts. Some of the people who believe that cyber security is an issue of common sense are those who believe that end users should take the necessary steps to protect themselves. This is a less common view in the past couple of years [2].

Despite the various factors that affect the development and maintenance of cyber security, it’s still common for people to dismiss security education and awareness as a waste of time. This is because the assumption that people will not notice or take any notice of the warnings is often the reason why people do not take action [2].

Discussion

The research article covers every aspect of the cyber security issue due to remote working. Even though the remote working was majorly seen during the pandemic, the article covers the issue from 2004. The initial phase of the cyber security being compromised due to remote working was lack of knowledge.

Over the years this scenario has changed even with vast security breaches the security is still not strong enough to work remotely. The article also gives an overview of the issues that are faced by companies due to these breaches [23]. Upon further reading, the article discusses to resolve such issues and the study and its findings were reliable as per the quantitative data collected. The main thing that a reader will catch the eye of the reader is the increasing number of people choosing to work from home has created a new opportunity for employers to adopt secure home working practices. There is a wide variety of resources available to help staff develop effective strategies, but they need to be directed towards it and are also certain that they cover the bases that they need to. It is important to note that many businesses have not taken the time to seek out the necessary guidance on how to effectively implement home working practices. According to a survey conducted by CSBS 2020, only 54% of businesses have sought out external information about cyber security [24].

The number of people who are aware of the importance of securing their personal data has increased significantly since the introduction of the GDPR in 2018. However, it still means that many businesses are not able to access the necessary resources to help them implement this strategy. The COVID-19 pandemic provides businesses with an opportunity to take advantage of the various government initiatives that are aimed at supporting the development of effective home working practices. For instance, by providing support through business support schemes, the government can help direct companies toward the appropriate cyber guidance. In the UK, there is potential for businesses to find out about the various resources that are available to help them implement home working practices through the gov.uk’s COVID-19 support. This could also be done through other organizations [25].

Conclusion

This article aimed to discuss the security concerns faced by different sectors of the healthcare industry, such as IT, education, and banking. During the period of March to July, there have been several cyber security attacks that affected the healthcare industry. The article also presented a literature study that describes the various attacks that occurred.

The graph of social engineering attacks has increased significantly over the previous year. This issue is considered a serious threat that requires the establishment of a comprehensive security policy. Besides changing the policies, users also need to be aware of the various precautions that they can take to prevent their workstations from being attacked. In order to address the security concerns of remote workers and distance learners, people will develop a security protocol that will allow users to control the access to their cloud resources.

Regardless of the nature of COVID-19, the security of flexible working remains an issue that employers need to address. This is because the increasing number of people working in the gigantic economy will inevitably lead to them being placed in different roles. To ensure that their employees are aware of the proper practices and policies when it comes to cyber security, organizations will need to make sure that they are regularly updated. This can be done through the establishment of a clear understanding of the various roles and responsibilities of gig workers. The effects of COVID-19 are likely to have a long lasting impact on the lives of individuals. Although the issues discussed here are relatively minor compared to the loss of life and the consequences of the pandemic, they still remain significant.

REFERENCES

1. Mandal S, Khan DA (2020) A study of security threats in cloud: Passive impact of COVID-19 pandemic. IEEE Explore.

   [Crossref] [Google Scholar]

2. Furnell S, Shah JN (2020) Home working and cyber security: An outbreak of unpreparedness? Computer Fraud & Security 2020 (8), 6–12.

   [Crossref] [Google Scholar]

3. Kurpjuhn T (2015) The SME security challenge. Computer Fraud & Security 2015 (3), 5–7.

   [Crossref] [Google Scholar]

4. Alexei A (2021) Cyber security threat analysis in higher education institutions as a result of distance learning. repository.utm.md 2021 4(3).

   [Google Scholar]

5. Williams ML, Levi M, Burnap P, Gundur RV (2018) Under the corporate radar: Examining Insider business cybercrime victimization through an application of routine activities theory. Deviant Behavior 2018 40(9); 1119–1131.

   [Crossref] [Google Scholar]

6. Curran K (2020) Cyber security and the remote workforce. Computer Fraud & Security 2020 6; 11–12.

   [Crossref] [Google Scholar]

7. Parmar B (2012) Protecting against Spear-Phishing. Computer Fraud & Security 1; 8–11.

   [Crossref] [Google Scholar]

8. Saura JR, Ribeiro-Soriano D, Zegarra Saldaña P (2022) Exploring the challenges of remote work on twitter users’ sentiments: From digital technology development to a post-pandemic era. J Business Res 142; 242–254.

   [Crossref] [Google Scholar]

9. Venkatesha S, Reddy KR, Chandavarkar BR (2021) Social engineering attacks during the COVID- 19 pandemic. SN Computer Science 2(2).

   [Crossref] [Google Scholar]

10. Ncubukezi T, Mwansa L (2021) Best practices used by businesses to maintain good cyber hygiene during Covid19 pandemic. J Internet Tech & Secured Transactions 9(1); 714–721.

    [Crossref] [Google Scholar]

11. Opara E, Soluade O (2015) Straddling the next cyber frontier: The empirical analysis on network security, exploits, and vulnerabilities. Internat J Electronics & Info Engg 3(1); 10–18.

    [Google Scholar]

12. Johns E (2021) DCMS: Cyber security breaches survey 2021. Network Security 4; 4.

    [Crossref] [Google Scholar]

13. Hina S, Panneer Selvam DDD, Lowry PB (2019) Institutional governance and protection motivation: theoretical insights into shaping employees’ security compliance behavior in higher education institutions in the developing world. Computers & Security 87; 101594.

    [Crossref] [Google Scholar]

14. Tawalbeh L, Muheidat F, Tawalbeh M, Quwaider M (2020) IoT privacy and security: Challenges and solutions. Applied Sciences 10(12); 4102.

    [Crossref] [Google Scholar]

15. Wiafe I, Koranteng FN, Obeng EN, Assyne N, Wiafe A, et al. (2020) Artificial intelligence for cybersecurity: A systematic mapping of literature. IEEE Access 8; 146598–146612.

    [Crossref] [Google Scholar]

16. Priestman W, Anstis T, Sebire IG, Sridharan S, Sebire NJ (2019) Phishing in healthcare organisations: threats, mitigation and approaches. BMJ Health & Care Informatics 26(1); e100031.

    [Crossref] [Google Scholar]

17. Eian IC, Yong LK, Li MYX, Qi YHZF (2020) Cyber attacks in the era of COVID-19 and possible solution domains. Preprints.org.

    [Crossref] [Google Scholar]

18. Palanisamy R, Norman AA, Mat Kiah L (2022) BYOD security risks and mitigation strategies: Insights from IT security experts. J Organizational Computing & Electronic Commerce 1–23.

    [Crossref] [Google Scholar]

19. Faraj S, Renno W, Bhardwaj A (2021) Unto the breach: What the COVID-19 pandemic exposes about digitalization. Information and Organization 31(1); 100337.

    [Crossref] [Google Scholar]

20. Hicks M (2019) Why the urgency of digital transformation is hurting the digital workplace. Strategic HR Review 18(1); 34–35.

    [Crossref] [Google Scholar]

21. Dolezel D, McLeod A (2019) Managing security risk. The Health Care Manager 38(4); 322– 330.

    [Crossref] [Google Scholar]

22. Bello Garba A, Armarego J, Murray D (2015) Bring your own device organizational information security and privacy. ARPN J Engg & Applied Sci 10(3); 1279– 1287.

    [Google Scholar]

23. Khando K, Gao S, Islam SM, Salman AN (2021) Enhancing employees information security awareness in private and public organisations: A systematic literature review. Computers & Security 106; 102267.

    [Crossref] [Google Scholar]

24. Babiceanu RF, Seker R (2019) Cyber resilience protection for industrial internet of things: A software-defined networking approach. Computers in Industry 104; 47–58.

    [Crossref] [Google Scholar]

25. Chauhan PS, Kshetri N (2020) CSDL | IEEE Computer Society.

    [Crossref]