ST Reset 2021 Webinar Series: Digitalisation and cyber security

New practices needed to stay safe online in era of working from home

Employees must be aware of key digital assets to protect, say experts

SPH Brightcove Video
What are some of the ways people can gear up for a more digitally secure 2021? Experts give their take at The Straits Times Reset 2021 Webinar Series: Digitalisation and Cybersecurity on Wednesday (Dec 9).

Say "no" when your child asks to use your work laptop to do his schoolwork, or set up a different user account on the work laptop for different activities.

There are ways to reset habits and practices for a more digitally secure 2021 as working and e-learning from home become the new normal even after Covid-19, said panellists at The Straits Times Reset 2021 Webinar Series: Digitalisation And Cyber Security on Wednesday.

Employees who are also parents need to be aware of key digital assets, such as e-mail access, that have to be protected when work has moved into the home environment, said Associate Professor Steven Wong from the Singapore Institute of Technology.

"What are the key assets that you have in your home that, if compromised, will impact your family, your business and your work? It could be your e-mail, or certain approval processes," said Prof Wong.

"Start to identify some of these (assets) and take a 'compromised-by-default' position, so that you are prepared and will not be... at a loss when something happens.

"In corporate settings, this is known as incident response, but very seldom does it happen at home because it's not our culture (yet) to do so."

The other three panellists were Mr David Koh, chief executive of the Cyber Security Agency of Singapore; Associate Professor Chang Ee-Chien from the National University of Singapore School of Computing; and Mr Benjamin Ang, head of the Cyber and Homeland Defence Programme at the Centre of Excellence for National Security, a policy research think-tank.

Prof Chang suggested segregating devices at home by individual or workflow. For example, as far as possible, children should use a different desktop or laptop from the ones their parents use for work.

"If that is not possible, then try to segregate by setting up different user accounts on a laptop. Even if you have your own machine, you can segregate accounts for work, for family, or for playing games," he said.

"Segregation is about setting up security parameters, so that when something happens within that parameter it will not spill over to other (areas)."

Mr Koh and Prof Wong also warned against thinking that technology can serve as a cure-all or silver bullet for protecting personal data and staying safe online.

Prof Wong said there is a worrying tendency for people who are more tech-savvy to assume that they are safe simply because they are familiar with the workings of the digital world, or because they have adopted certain technology like virtual private networks (VPNs).

A VPN anonymises users' Internet browsing activity by sending Web traffic through an encrypted tunnel to a network controlled by the VPN service provider.

However, some VPN providers, especially those offering their services for free, may not be what they claim, Prof Wong said.

"It's as if today, someone tells me, 'give me your wallet and I'll keep it safe for you. I'm free, reliable and easily accessible'. But you just don't do that in normal physical life... These are opportunities cyber criminals will use," he added.

"The challenge with digital natives is that sometimes, they think they know everything. But actually, none of us know, because (being on your guard in the digital world) is not an inherent sense that we are born with.

"And that's a sense - a sixth sense - we need to develop because the physical and digital worlds operate in very different ways. In the physical world, there's a perimeter to nearly everything, but it's the opposite in the digital world."

Pointing to the nature of WhatsApp hijacking cases, where hackers pretend to be friends of the victims in order to ask for their WhatsApp verification codes, Mr Koh said the scam hinges not on technology but on "social engineering".

"Be suspicious. You have to ask, why are you contacting me and asking for a six-digit PIN? And the easiest thing is just to pick up the phone and call the person and ask if it's really them," Mr Koh said.

"Not all technical problems need a technical solution. Sometimes, a simple process or being a bit more careful can solve the issue."

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on December 11, 2020, with the headline New practices needed to stay safe online in era of working from home. Subscribe