Remote working: information and key risks

3 February 2020 - Remote working: information and key risks

Remote working: information and key risks

 CAUDIT, ucisa's Australian equivalent, has kindly shared a list of key risks to remote working, as articulated by their members:

  • Census Date — students may choose to abandon the semester, resulting in lost income from domestic students
  • Employment — international students are not securing their normal levels of employment; there is a risk that they will be unable to afford costs and may have to return home
  • Borders — students overseas are unable to enter country to study, resulting in delays and loss in income
  • Quarantine/Isolation — students and staff from overseas are required to isolate for 14 days
  • Domestic Residential Students — students from other regions in country may wish to return home due to the virus; if courses cannot be run online, this may result in withdrawal
  • Increased cyber attacks — DDoS, phishing, data breaches

Added 01/04/2020:

  • VPN tools - Advanced persistent threats have been found in VPN solutions from Palo Alto Networks, Fortinet, and Pulse, among others. Ensure patching is up to date.
  • DDoS against VPN’s TLS server.
  • Remote desktop accounts - phishing or brute force attacks
  • Phishing - in the form of maps depicting spread of the infection in the various states

Added 02/04/2020:

  • Windows flaw lets Zoom leak network credentials, take care when clicking on links starting with \\ 
  • Internet load / network speed — inadequate access from home for staff and students
  • Third party providers - impact of vendor employee lock down or closure - domestic / international; cloud providers - confirm retention of data in agreed location i.e. Australia
  • International Suppliers — some evidence of international suppliers focusing on local customers (i.e. not supporting our members quickly)
  • Onsite Presence - requirement / availability; risk associated with physical presence onsite / working alone.  Decision making/risk assessment for being ‘onsite’.  Criteria for determining which activities are deemed ‘essential’? Identification of physical safety measures. Disabling of building access cards or changing locks as a control measure. Issuing of written ‘authority to be on campus’ for staff with ‘key worker status’.
  • Impacts on own workforce — illness, requirement to isolate; capacity to work from home; lack of ergonomic workstation e.g. monitors in addition to laptops; physical and mental health; fatigue
  • Maintenance of remote workforce equipment and software.  
  • The student experience — throughout the teaching cycle, incl exams; may lead to withdrawals
  • Zoombombing’ (like photo bombing) - reports from US of Zoombombing in video lectures. Requires advice to users re Zoom settings.
  • Software licences - need for increased number of licences for some software e.g. conducting exams, proctoring; unlicensed use; audits