Checking your emails outside of work hours is bad for your company’s cyber security
Logging in to send emails after hours isn’t just bad for work-life-balance but also plays havoc with companies’ cyber security systems which are searching for unusual behaviour.
Logging in to check emails and completing work tasks outside of designated hours isn’t just bad for work-life balance, it’s also a cyber security issue.
Practitioners say that logging into workplace systems at odd hours could reduce the likelihood of cyber security teams and systems picking up irregular behaviour.
That outside-of-office-hours activity could create a situation similar to that of the boy who cried wolf wherein a cyber team would not regard late-night activity as irregular because the organisation had regularly picked up that kind of activity from the worker.
That’s the view of Cisco’s Australia and New Zealand head of cyber security, Corien Vermaak, who said while monitoring irregular activity of workers wasn’t the be all and end all of cyber security, it was part of a new focus during the industry’s current labour shortage.
Cyber security companies were beginning to look at the behaviour of workers and measure irregularities to pick up threats.
“We’ve done behaviour analytics in cyber security now for over a decade which means we have the ability to see if logins, keystrokes and other behaviours match that of the user,” she said.
With the frequency of attacks on the rise and a shortage of staff needed to defend against threats, organisations were increasingly using systems which analyse patterns of behaviour such as where employees were working, the devices they use and how they access the internet.
“A system with behavioural analytics has got the opportunity to do base-lining and it knows a certain person only logs on generally between eight and nine,” Ms Vermaak said.
“If all of a sudden this person logs in at four o’clock in the morning, the system can immediately pull those patterns.
“That effectively means with the fewer resources that we have, the system can do the analytical, heavy lifting and really look for the outliers from a behavioural point of view.”
Cisco had observed numerous breaches taking place after regular worker hours, Ms Vermaak said.
“We see a lot of attackers’’ modus operandi being to log in after hours when things are not being monitored as actively, and then try and move laterally or escalate a worker’s privileges,” she said.
Efficient organisations were now looking for signs that workers might have been breached, which include recording the Wi-Fi and location where they have logged in, what times they’re working and the type of files and workplace applications they access.
“If a person is all of a sudden working from a coffee shop, that’s not normal behaviour so then companies should be trying to verify the identity of that person via two-factor authentication,” Ms Vermaak said.
“There’s a term in the industry that says the perimeter has shifted to the identity, so the point where the user gets access to the workplace system is where the strongest control point needs to be.”
Monitoring employee behaviours and checking them when irregularities are detected was one method which could help organisations with fewer resources, Ms Vermaak said.
“Most organisations don’t yet use this so there’s a big gap between the haves and the have-nots in cybersecurity, and with the skill shortage we have to get closer to a process where the technology does a bit of the heavy lifting,” she said.
More Coverage
Bromance to brawl: Musk vs Altman goes nuclear
The two tech titans are in the meanest fight in business. The stakes couldn’t be higher.
OpenAI rejects Elon Musk’s takeover offer
The ChatGPT maker’s board unanimously turned down the billionaire’s unsolicited $153bn bid.