03 February 2020 - Remote working: information and key risks
Remote working: information and key risks
CAUDIT, ucisa's Australian equivalent, has kindly shared a list of key risks to remote working, as articulated by their members:
- Census Date — students may choose to abandon the semester, resulting in lost income from domestic students
- Employment — international students are not securing their normal levels of employment; there is a risk that they will be unable to afford costs and may have to return home
- Borders — students overseas are unable to enter country to study, resulting in delays and loss in income
- Quarantine/Isolation — students and staff from overseas are required to isolate for 14 days
- Domestic Residential Students — students from other regions in country may wish to return home due to the virus; if courses cannot be run online, this may result in withdrawal
- Increased cyber attacks — DDoS, phishing, data breaches
- VPN tools - Advanced persistent threats have been found in VPN solutions from Palo Alto Networks, Fortinet, and Pulse, among others. Ensure patching is up to date.
- DDoS against VPN’s TLS server.
- Remote desktop accounts - phishing or brute force attacks
- Phishing - in the form of maps depicting spread of the infection in the various states
- Windows flaw lets Zoom leak network credentials, take care when clicking on links starting with \\
- Internet load / network speed — inadequate access from home for staff and students
- Third party providers - impact of vendor employee lock down or closure - domestic / international; cloud providers - confirm retention of data in agreed location i.e. Australia
- International Suppliers — some evidence of international suppliers focusing on local customers (i.e. not supporting our members quickly)
- Onsite Presence - requirement / availability; risk associated with physical presence onsite / working alone. Decision making/risk assessment for being ‘onsite’. Criteria for determining which activities are deemed ‘essential’? Identification of physical safety measures. Disabling of building access cards or changing locks as a control measure. Issuing of written ‘authority to be on campus’ for staff with ‘key worker status’.
- Impacts on own workforce — illness, requirement to isolate; capacity to work from home; lack of ergonomic workstation e.g. monitors in addition to laptops; physical and mental health; fatigue
- Maintenance of remote workforce equipment and software.
- The student experience — throughout the teaching cycle, incl exams; may lead to withdrawals
- ‘Zoombombing’ (like photo bombing) - reports from US of Zoombombing in video lectures. Requires advice to users re Zoom settings.
- Software licences - need for increased number of licences for some software e.g. conducting exams, proctoring; unlicensed use; audits