Cybersecurity Challenge Analysis of Work-From-Anywhere (WFA) and Recommendations Guided by a User Study

IF 4.4 3区计算机科学 Q2 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

IEEE Transactions on Human-Machine Systems Pub Date : 2025-04-04 DOI:10.1109/THMS.2025.3552231

Mohammed Mahyoub;Ashraf Matrawy;Kamal Isleem;Olakunle Ibitoye

{"title":"Cybersecurity Challenge Analysis of Work-From-Anywhere (WFA) and Recommendations Guided by a User Study","authors":"Mohammed Mahyoub;Ashraf Matrawy;Kamal Isleem;Olakunle Ibitoye","doi":"10.1109/THMS.2025.3552231","DOIUrl":null,"url":null,"abstract":"Many organizations were forced to quickly transition to the work-from-anywhere (WFA) model as a necessity to continue with their operations and remain in business despite the restrictions imposed during the COVID-19 pandemic. Many decisions were made in a rush, and cybersecurity decency tools were not in place to support this transition. In this article, we first attempt to uncover some challenges and implications related to the cybersecurity of the WFA model. Second, we conducted an online user study to investigate the readiness and cybersecurity awareness of employers and their employees who shifted to work remotely from anywhere. The user study questionnaire addressed different resilience perspectives of individuals and organizations. The collected data includes 45 responses from remotely working employees of different organizational types: Universities, government, private, and nonprofit organizations. Despite the importance of security training and guidelines, it was surprising that many participants had not received them. A robust communication strategy is necessary to ensure that employees are informed and updated on security incidents that the organization encounters. In addition, there is an increased need to pay attention to the security-related attributes of employees, such as their behavior, awareness, and compliance. Finally, we outlined best practice recommendations and mitigation tips guided by the study results to help individuals and organizations resist cybercrime and fraud and mitigate WFA-related cybersecurity risks.","PeriodicalId":48916,"journal":{"name":"IEEE Transactions on Human-Machine Systems","volume":"55 3","pages":"428-439"},"PeriodicalIF":4.4000,"publicationDate":"2025-04-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Human-Machine Systems","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10949601/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Many organizations were forced to quickly transition to the work-from-anywhere (WFA) model as a necessity to continue with their operations and remain in business despite the restrictions imposed during the COVID-19 pandemic. Many decisions were made in a rush, and cybersecurity decency tools were not in place to support this transition. In this article, we first attempt to uncover some challenges and implications related to the cybersecurity of the WFA model. Second, we conducted an online user study to investigate the readiness and cybersecurity awareness of employers and their employees who shifted to work remotely from anywhere. The user study questionnaire addressed different resilience perspectives of individuals and organizations. The collected data includes 45 responses from remotely working employees of different organizational types: Universities, government, private, and nonprofit organizations. Despite the importance of security training and guidelines, it was surprising that many participants had not received them. A robust communication strategy is necessary to ensure that employees are informed and updated on security incidents that the organization encounters. In addition, there is an increased need to pay attention to the security-related attributes of employees, such as their behavior, awareness, and compliance. Finally, we outlined best practice recommendations and mitigation tips guided by the study results to help individuals and organizations resist cybercrime and fraud and mitigate WFA-related cybersecurity risks.

查看原文本刊更多论文

基于用户研究的网络安全挑战分析及建议

尽管在COVID-19大流行期间实施了限制，但许多组织仍被迫迅速过渡到随时随地工作（WFA）模式，以继续运营并保持业务。许多决定都是匆忙做出的，而网络安全规范工具并没有到位来支持这种转变。在本文中，我们首先试图揭示与WFA模型的网络安全相关的一些挑战和影响。其次，我们进行了一项在线用户研究，以调查雇主及其员工从任何地方转移到远程工作的准备情况和网络安全意识。用户研究问卷针对个人和组织的不同弹性观点。收集的数据包括45个来自不同组织类型的远程工作员工的回复：大学、政府、私人和非营利组织。尽管安全培训和指导方针很重要，但令人惊讶的是，许多参与者没有得到这些培训和指导。一个强大的沟通策略是必要的，以确保员工了解并更新组织遇到的安全事件。此外，越来越需要关注员工的安全相关属性，例如他们的行为、意识和遵从性。最后，我们概述了以研究结果为指导的最佳实践建议和缓解技巧，以帮助个人和组织抵御网络犯罪和欺诈，并减轻与wfa相关的网络安全风险。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Human-Machine Systems COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE-COMPUTER SCIENCE, CYBERNETICS

CiteScore

7.10

自引率

11.10%

发文量

136

期刊介绍： The scope of the IEEE Transactions on Human-Machine Systems includes the fields of human machine systems. It covers human systems and human organizational interactions including cognitive ergonomics, system test and evaluation, and human information processing concerns in systems and organizations.