fhnw, publication 03.04.2020

Certified competence to fend off attacks and protect assets based on BSI/ISO. This is what 15 intensive days of our training course are all about. In addition to risk analysis, security frameworks, and a deep dive into cybersecurity technologies, our graduates write a blog post. This one is from Jochen Theurer.

The Corona pandemic keeps not only Switzerland but also the rest of the world in suspense! Even if this pandemic will hopefully soon pass, it is certain that the next one will threaten us again in the not too distant future.

In the past, in addition to the few opportunities for employers, this unfortunately usually had severe consequences for employees: short-time work, forced vacations, company closures, mass layoffs and unemployment. Not much has changed, but there is now a small ray of hope: Working from home, or “home office” in new German.

The topic is not really new, as it has already been applied more or less successfully in the recent past, but it is only in recent years that the necessary technologies and the required Internet bandwidth have made considerable progress, so that in suitably equipped countries, truly comfortable working from home is no longer a utopia for certain work groups.

Classic tools such as the secure VPN connection or a company’s own login portal (e.g. via Citrix) are still the most commonly used business choice, but other collaboration tools such as Microsoft Skype for Business or its successor “Teams” also offer corresponding options for group work in the corporate or private sphere.

However, since some small and medium-sized companies are overburdened with the necessary preparation or infrastructure or cannot afford it themselves, some resourceful people have already sensed the morning air here, so that smaller WaaS Workplace as a Service providers are now appearing alongside the big players such as Microsoft or DELL. (e.g. “my Workplace GmbH” from Nuremberg).

One alternative, albeit a limited one, for (business) data exchange are the instant messaging services that tend to be frowned upon in corporate use, first and foremost the classic “WhatsApp” (which is still available in parallel as a business version and meanwhile also as a web version), or paid newcomers such as “Zoom”, for example, which make online group collaboration as well as (business) data exchange and its processing easier than ever before. Not to be forgotten is Google Docs, in tandem with Google Drives, which can also be used for successful online collaboration with a corresponding G Suite business account.

With all the technological possibilities, however, it must not be forgotten that with the current and presumably more frequent and large-scale use of this work methodology in the future, some rethinking of labor law must be considered!

On the other hand, additional (new) threats (e.g., openly accessible Outlook mailboxes or increased occurrence of corona phishing and malware e-mails, increased social engineering attacks such as SCAM calls, etc.) are also emerging at present, which companies must counter with any existing security policies and the measures listed below:

  • Make employees aware of these problems by means of verbal and written information (awareness) and, if possible, additionally increase the number of online video training sessions.
  • Mandatory two-factor authentication, preferably with mobile app, at company login (SMS is insecure)
  • Strengthen password protection (create new and longer passwords, possibly use password manager).
  • Mandatory follow-up calls or inquiries about unusual email content or requests
  • Appropriate and updated contingency plans for cyber attacks
  • Increased monitoring and vigilance of the respective IT responsible, if they are at all prepared for the current security crisis

All of the tools mentioned have their advantages and disadvantages, but it is only in recent years that the range of ISP and TSP providers and the expansion of the corresponding infrastructures (e.g., large-area fiber-optic connections right into the home, 5G mobile communications) have advanced rapidly, so that, as mentioned above, connection and data transfer speeds are no longer an issue, at least in suitably advanced countries.

However, the Corona pandemic clearly shows that both the providers of the aforementioned methods and services and the ISPs and TSPs must adapt, optimize and expand their internal infrastructure in good time in order to be prepared for such a future onslaught.

One thing is certain: the next pandemic is sure to come!