Cyber security in remote work and distance learning

Expand all questions

If it is done correctly and knowingly, distance working is certainly safe. Even though the current emergency situation, where many people work from home, does increase the danger that companies and their employees fall victim to a cyber attack or cyber fraud, these risks can be brought down to a minimum by following elementary cyber hygiene requirements. In turn, by safely doing distance work you lower the risk of coronavirus infection for yourself as well as others.

Last updated: 17.04.2020 19:26

Did this response answer your question?

Distance working and learning requires constantly logging into places and inserting passwords. This might create a temptation to use one and the same (and as simple as possible) password everywhere. It would be used to enter work, school, store, social media, chat rooms and gaming sites. But if this one password should leak (and passwords do leak from time to time!) the hackers will see whether the already leaked passwords and usernames can be used to enter other places as well.

One possibility to use different passwords in different places in a way that you do not need to remember the long passwords yourself is to see what options are being offered by password managers. There are several, they can be used for free (e.g. LastPass, Keepass, 1Password) and in this way you only need to remember one long password for your password manager.

But as work done at home, e-mail addresses and all kinds of accounts are currently vitally important for work, study and communication, an important assistant for securing your accounts is multi-factor authentication. This means that even if somebody does get hold of your password (with phishing, malware or previously leaked passwords), they still can't access your e-mail account without a code that is in your phone. No, you do not need to enter the code every time you want to log into Gmail. But if someone tries to get access to your e-mail account from a geographically distant location, they will not be successful.

Last updated: 17.04.2020 19:28

Did this response answer your question?

Make sure that both your and your child's computer or device has the latest possible software. This is vitally important! If the software is expired, your computer might get infected by just visiting a suspicious web page.

If you know how to find the settings of your smart television, your router and your Internet-connected web camera, you should update their software regularly as well. All this so that the devices in your home could not be used to attack anyone else. Just as you don't want to be the one who transmits the virus.

Additionally, it is important to check whether the anti-virus software of your devices has been able to regularly update itself. Anti-virus never protects you from all the threats -- malware creators are always a step ahead of anti-virus programmes. But if a malware has already circled the globe several times, the anti-virus programmes will also recognize them and stop them before they manage to infect your computer or the computers of those close to you.

Definitely find out whether the people close to you have the latest versions of operations systems and anti-virus software in their computers. In the Windows operation systems, for instance, this means updating the Windows Defender definitions.

Last updated: 17.04.2020 19:31

Did this response answer your question?

On April 8, the internationally recognized collection of cybersecurity measures "CIS 20 Controls" was made available in Estonian by the Information System Authority. This is a tool that was developed by recognized cybersecurity experts and can be used by IT managers and all others who are responsible for the field of IT in their company, in order to ensure cybersecurity in their company. The latest version of the CIS 20 measures also differentiates between measures that are meant to be implemented by large, but also small and medium sized companies. The Estonian version of the collection of measures and relevant short instructions and instructional videos in Estonian and Russian can be found at https://www.ria.ee/et/kuberturvalisus/ennetus-ja-nouanded/nouanded.html.

Even though it might not be possible for you to implement these measures before the end of the current emergency situation, it is still worth doing it consistently in medium and longer term perspective. This way you will safely survive both possible future single cyberattacks and future emergency situations.

Additionally, see https://www.itl.ee/uudised/itl-soovitab-ettevotetel-kaugtoo-korraldus-labi-moelda/. In its original language – English – the measures can be found here: https://www.cisecurity.org/controls/cis-controls-list/.

Last updated: 17.04.2020 21:23

Did this response answer your question?

  • Don't open attachments or links from unknown senders.
  • Don't believe threatening letters from unknown senders that demand that you act quickly.
  • Don't give an unknown caller access to your computer.
  • Make sure that you are using the latest version of software and that all security updates have been installed.
  • Regularly back up the files in your computer and on your phone.

Also see the newest entries at https://blog.ria.ee/.

Last updated: 17.04.2020 21:25

Did this response answer your question?

There is one more good way to reduce stress about your work and studies during these unusual times: backing up your data. Nobody wants to redo work that they have already done. But we know that devices sometimes break or, even worse, get infected with malware that will not allow access to the data anymore. Schoolchildren might initially find it great that they can say that they could not submit their schoolwork because the computer was not working but in the end even they will still have to redo this work. Losing your work because of ransomware or a device that has unexpectedly broken down is an even bigger worry.

There is a vast array of commercial cloud solutions for backing up your work (Google Drive, Microsoft Onedrive, Amazon Drive, Dropbox) that back up your documents automatically over the Internet. It is your task to save your files to a correct drive and to find your documents again on another device if something happens to yours.

We recommend using an external hard drive or a memory stick as well, to back up your most important data. In the case of large data it can, on one hand, this might make restoring your data faster, on the other hand, keeping large data volumes in cloud solutions is more expensive than using external data carriers. Find out from your employer what backup solutions are even acceptable to them -- is keeping work documents in a cloud even allowed or does the company have different rules.

Last updated: 17.04.2020 21:21

Did this response answer your question?

The main important thing is to come to an agreement with your colleagues and close ones on what channels of communication are used for the distance communication during the emergency situation. You children, for instance, have similar agreement with their teachers and friends on which channels they use. It is always good to find out more about these channels of communication, to establish which are not only easy to use but also safest from a message confidentiality point of view -- in case you have to share confidential business information with your business partners. Read through the terms and conditions! At the same time, keep an eye on what channels of communication are the safest for your child's health and welfare.

As distance working will continue both in Estonia and the rest of the world for quite a while longer, there will probably also be campaigns where criminals try to spread malware or steal data by impersonating different distance working applications. We have seen that the popularity of some videoconferencing platforms has been exploited for spreading malware -- the victim is left with an impression that he has received a link from such a programme or a link is shared that seems to be connected to some such programme but leads to a web page that is being used to collect user data.

The Centre of Registers and Information Systems stresses to the employees of ministries and agencies that information that has been labelled as restricted (AK) can only be forwarded on a videoconferencing system that is controlled by the holder of the information (is hosted in the ICT infrastructure of the holder of the information). If it is not possible to use this kind of a system, the restricted information cannot be forwarded through a videoconference.

Last updated: 17.04.2020 19:27

Did this response answer your question?

More information about the coronavirus and restrictions related to it is available calling 1247 (from abroad +372 600 1247).