The Impact of COVID-19 and Remote Work on the Cybersecurity of Early Career Computing Professionals
In this post, we continue sharing the results from a recent survey on the Impact of COVID-19 and Remote Work on Early-Career Computing Professionals. We asked respondents to give their feedback on the most significant ways their cybersecurity has been affected during COVID-19 due to working remotely.
Cybersecurity during COVID-19
Of the 253 participants in the study, (36.8%, N=93) responded to the open-ended question about the most significant way their digital security has been affected. Out of all the feedback received, about half of them (48.4%, N=45) highlight a negative significant impact on cybersecurity, whereas only (15.1%, N=14) highlight a positive significant effect, and about a third (36.6%, N=34) state that they cannot highlight either a significant impact on their sense of cybersecurity.
Let us start with the responses that occurred most frequently for the cybersecurity aspects.
Negative Effects on Cybersecurity
Out of all responses that highlight negative impacts, about half (48.9%, N=22) considered the various software used in remote work. (40.9%, N=9) of these said that using VPN on personal computers or home computers may cause problems for cybersecurity. Although the use of VPN is considered a good security practice by some (as we will explain later), a substantial number of people mentioned issues relating to their personal or confidential data being made available through their personal computers. One survey respondent mentioned negative effects including:
“Required use of work VPN on a personal computer. Accessing sensitive data from a home computer.”
(31.8%, N=7) stated that using videoconferencing tools raises cybersecurity concerns. These concerns are due to a lack of trust in the provided software and lack of clarity of the amount and use of collected data (e.g., personal data) by video conferencing tools.
“I don’t know the details of what rights Zoom has, but it sounds like they’re not friendly.”
Some respondents (27.3%, N=6) stated that the new tools and software are not protected by good cybersecurity practices. These respondents highlighted different security risks that arise due to installing such third-party software.
“Third-party software had to be installed on my personal computers. On multiple occasions, the software had not been thoroughly evaluated for security risks.”
Employees are often not given the choice of installing certain software, but they are obliged to use them.
“Obligation to install many new tools to attend meetings with different groups, most of which are not secure.”
Some participants mentioned data breaches or leaks that happen due to insecure software.
“There was a data breach in an online marketplace in my country, and my account data is included in the data.”
The second most prominent theme (31.1%, N=14) was about the increased online activities causing cybersecurity problems. More than half (57.1%, N=8) of these respondents highlighted that their increased online activity was the main reason why their cybersecurity is impacted. This might include using more applications or sharing more data.
“Using more online apps that harvest and connect my data.”
“Everything is online. Not sure of digital security anymore.”
More than a few of the respondents (28.6%, N=4) said that the increased online activities increased the risk of cyber attacks too.
“The increase in the volume of these means that I am more likely to interact with a phishing attempt or other security risk.”
“I do not trust the tools my university uses to coordinate (Zoom) and despite adhering to my university’s best practices my class was disrupted by hackers who said awful and racist things to my students, addressing many of them by name.”
Two respondents (14.3%, N=2) said that as a result of increased online activities, they needed to remember more passwords to protect their cybersecurity.
“Multiple platforms are required to use which makes remember more passwords and account details.”
One-fifth of the participants (20%, N=9) highlighted the lack of facilities or equipment provided by their workplaces as the most significant impact on their cybersecurity. This included not having access to the resources in the workplace.
“I do not have access to my working computer and phone. I cannot give my phone number to students.”
It also included using personal devices to access remote machines instead of using company-provided machines that are more secure.
“We are using personal machines to remotely access work machines.
No Effect on Cybersecurity
More than a third of the respondents (36.6%, N=34) could not state a clear impact on their cybersecurity. Out of these respondents, an overwhelming majority of them (88.2%, N=30) say that they haven’t observed any effects on their cybersecurity due to remote work. This might be due to having similar worries before COVID-19 by already working in a mostly digital environment with many online activities.
“None comes to my mind. I was worried about it before COVID anyways.”
“I don’t feel that remote work has significantly impacted my digital security”
Positive Effects on Cybersecurity
Only a small percentage of all the respondents of this question (15.1%, N=14) highlighted a positive impact on their cybersecurity. The most common theme in this small group (42.9%, N=6) was the use of VPN with security features. These respondents considered that their organization’s VPN support enabled them to have better cybersecurity than before COVID-19.
“My company added more security features as it got its VPN up to scale but I haven’t noticed much other than that emails take longer to get in or out now.”
Some other respondents (35.7%, N=5) thought that their organizations now adopted more secure options to support their cybersecurity.
“We have more secure options for remote work now than before.”
Lastly, a few respondents (21.4%, N=3) said that they now do not have to worry that their monitors are being watched by other people. They state that this was a concern in the office environments because some people would look over their shoulders. Thanks to remote work, people can no longer see their passwords or log in to their machines.
“Friends can no longer watch me enter the password into my device. They can definitely not send texts on my behalf”
“Nobody is around to watch me enter a password or see what sensitive information may be on my screen.”
How Has Remote Work during COVID-19 Affected Early-Career Computing Professionals Specifically?
Similar to our previous analysis on privacy, the survey responses about the impacts of COVID-19 and remote work on cybersecurity highlighted certain specific characteristics for early-career computing professionals. First of all, these professionals had an overall better technical understanding of the consequences of data breaches or using untrustable third-party software, and they were sometimes obliged to use certain tools even if they are aware of the potential problems that those tools have. For instance, some had concerns about having malicious software installed on either their personal or work computers. Moreover, to access their remote servers for work, some were required to use a VPN application that they do not trust. Similarly, sharing personal information caused worries due to possible data leakage or breaches, such as leakage of passwords that are stored by many different applications.
Stay tuned to learn more about the results of our survey and how working from home has affected young computing professionals!
Wellness Team, ACM Future of Computing Academy
Jessica Hair, Software Engineer, SmartFile, jessica@hairsquaredsoftware.com
Jaelle Scheuerman, ACM Future of Computing Academy, jaelle@gmail.com
Gürkan Solmaz, Senior Researcher, NEC Laboratories Europe gurkan.solmaz@neclab.eu
Pamela Wisniewski, Associate Professor, University of Central Florida, pamwis@ucf.edu
Image Credit: Online Security Vectors by Vecteezy
