Work and safety: with smartworking, the risk is IT

In these emergency weeks, the Italians have discovered a new term: smart working. Remote work, a method usually used in Italy by only 3.6% of workers according to a recent Eurostat survey, has become the only alternative for millions of people in our country. A forced and, in some cases, improvised change of direction that hides some pitfalls: not only productivity problems and tools available, but also IT security, especially in the case of activities that lead to the management of sensitive data or the handling of confidential documents.

Cyber ​​security and business. According to the Allianz Risk Barometer 2020 report, cyber risks, for the first time, are perceived by companies as the number one threat. And the data confirm that there is reason to worry: in Italy, according to the ninth annual Accenture Security study, the average annual cost per company of cyber security breaches has reached $ 8 million, 13 million per company globally. . And according to data released by another Report, presented on the occasion of the 2020 edition of the World economic forum in Davos, it is estimated that by the end of 2021 the economic damages related to the activity of cyber criminals could be around 6,000 billion dollars in the world. In recent weeks, the dangers resulting from the Covid-19 emergency have been added to increasingly sophisticated attacks and the increase in the attack surface (given the multiplication of devices connected to the network).

A causa della catastrofica situazione che sta vivendo il nostro paese, sospenderemo temporaneamente attacchi ai siti istituzionali. Questo non significa che non riprenderemo la nostra lotta.Una tregua è doverosa in questo momento. Anzi lanceremo presto #OpMigration Stay Tuned!

— Anonymous Italia (@Anon_ITA) March 11, 2020

Attacks on the time of Covid-19. With this message on March 11 Anonymous Italy announced a truce to the Italian institutions, in order not to add further problems to a situation which is already critical in itself. But not everyone followed this same philosophy: “While Anonymous in Italy announced a truce, – commented for us Silvio Ranise, head of Cybersecurity research at the Bruno Kessler Foundation of Trento – other hackers did not hesitate to bring attacks on health facilities such as for example a Czech hospital, which among other things carries out verification of Coronavirus swabs. If confirmed, this I think goes beyond the criminal act in a critical situation such as the one we are experiencing, not only towards patients but also towards medical personnel who risk a great deal firsthand. I therefore think that the activities most at risk are precisely health and, given the situation, the impact on society of a cyber attack could be dramatic. ”
But in addition to institutional goals, private individuals are also in danger. In many cases the trend topic Covid-19 has been used to attract people into well-designed computer traps, real malware campaigns.
But what risks arise if we are connected from home with business tools? How to deal with them?

Better to use business tools. “The Italian production fabric – commented Ranise – was not prepared and therefore attempts are being made to deal with an unprecedented situation. All available tools are being used, including personal ones, in order to contribute at least in part to the productivity of companies “. But what does this entail? The first pitfall comes from tools: many employees are forced to work from home with personal devices that are easily attacked. The risks are different, from the presence of “weak” antivirus (provided they are present) to the use of outdated and vulnerable software up to the connection with unsafe networks and modems.

Corporate network and external connections. After the protection of the device, in fact, the network is the most thorny issue: remote access to the corporate network expands the attack surface and it is important to think about how to protect data in transit, so that it is not accessible to third parties. In this sense, a solution could be represented by the use of cloud services, which must guarantee security and reliability.

As with everyone, training is needed. As said, this conversion to remote work was forced, sudden and, in some ways, improvised. In addition to the tools, the right training was lacking within the same companies to prepare employees for smartworking, also in terms of IT security. From seemingly trivial questions, such as setting secure passwords, to more technical ones related to the use of specific platforms or accessing networks, it will be necessary to correct the shot while running, also because the times of the emergency potre