A Project On A Study of Cybersecurity Strategies in The Age of Remote Work Submitted by - Submitted To - Enrollment No - Project Code

A
PROJECT ON
A STUDY OF CYBERSECURITY STRATEGIES IN THE AGE
OF REMOTE WORK
SUBMITTED BY –
SUBMITTED TO –
ENROLLMENT NO –
Project Code –
NMIMS Global Access

School for Continuing Education (NGA-SCE)
1
ACKNOWLEDGEMENTS
I would like to express my sincere gratitude to everyone who has contributed to the
successful completion of this research project on the “A STUDY OF CYBERSECURITY
STRATEGIES IN THE AGE OF REMOTE WORK”
Firstly, I would like to thank the management of Dell Company for granting me the
permission to conduct this research study in their esteemed organization. Their valuable
insights and support have been instrumental in completing this project.
I am also grateful to the staff members of Dell Company who participated in the study and
provided their valuable inputs and feedback. Their cooperation and willingness to share their
knowledge and experiences have been invaluable.
I would like to thank my mentor for providing me with guidance and support throughout the
course of this project. His/her expert knowledge and experience in the field of operation
management and information technology have been instrumental in shaping my research
work.
Finally, I would like to thank my friends and family for their unwavering support and
encouragement. Their motivation has helped me stay focused and committed towards
completing this project successfully.
Once again, I extend my heartfelt gratitude to everyone who has contributed to the
completion of this research project.
Thanks,
2
ABSTRACT
As the COVID-19 epidemic has progressed, remote labour has becoming ubiquitous across
industries and company sizes. A lot of new cybersecurity threats have emerged as a result of
this shift towards remote work. Therefore, in order to effectively adjust to this method of
working and reduce the security risks connected with remote work, organisations and
individuals alike must be knowledgeable of critical security guidelines. In March 2020,
cybercriminals acted in tandem with businesses that were rushing to implement cybersecurity
measures for remote employees. Since many businesses neglected to implement security
measures for remote workers, hackers were able to take advantage of the growing number of
vulnerabilities. Some problems that are found out in the study are:
Weak passwords
Weak, insecure, or recycled passwords and login credentials are a major concern to remote
workers. Without safe passwords, firewalls and VPNs are useless. Software lets hackers
crack account passwords and access crucial corporate data. They can create massive lists of
frequent passwords or programmes that guesses login combinations using various password
variants. Users often try to access corporate accounts using passwords they know someone
has used for a personal email or social media account.
Sharing files
Remote workers often share files with coworkers using file-sharing platforms. When kept on
corporate networks, these files may be encrypted. Remote sharing may compromise security.
Hackers can intercept or steal sensitive data in transit when using file-sharing software.
Corporations might lose critical data to data theft, identity fraud, and ransomware attacks.
Insecure Wi-Fi
3
Firewalls monitor and block malicious traffic, making corporate Wi-Fi networks secure.
Remote workers can access company networks and systems using unsecured Wi-Fi. Most
people update smartphone firmware and antivirus software but rarely house routers. This can
make their home network exposed to cyber breaches that compromise corporate data.
Personalised devices
A major security risk of remote working is utilising personal devices to access company
networks and systems. Unlike corporate computers and laptops, these devices generally lack
cybersecurity. Hackers can exploit security flaws in home printers and smartphones that don't
encrypt data.
Overall, the chosen organisation Dell is facing tremendous issues regarding this facts and it is
trying to mitigate the problem by introducing solution. To understand the scenario a survey
was conducted which gave results on the amount of literacy levels people have regarding
remote work security and the measures that can be taken to manage it in the study.
4
Table of Contents
Chapter 1....................................................................................................................................8
1.0 Introduction......................................................................................................................8
1.1 Company profile.............................................................................................................18
1.2 Objective of the study.....................................................................................................18
1.3 Limitation of the study...................................................................................................19
1.4 Scope of the study..........................................................................................................20
1.5 Significance of the study................................................................................................22
1.6 Statement of the problem................................................................................................22
Chapter 2..................................................................................................................................24
Literature Review.....................................................................................................................24
2.1 Introduction....................................................................................................................24
2.2 Review of existing Literature.........................................................................................24
2.3 Case examples of cyber security threats in India...........................................................34
2.4 Security risks of remote working...................................................................................37
2.5 Steps undertaken to manage cybersecurity in India.......................................................39
Chapter 3..................................................................................................................................43
Methodology............................................................................................................................43
3.0 Introduction....................................................................................................................43
3.1 Methods outline..............................................................................................................43
3.2 Research Onion...............................................................................................................44
5
3.3 Research Paradigm/Philosophy......................................................................................45
3.3.1 Justification for selecting positivism.......................................................................47
3.4 Research Approach.........................................................................................................47
3.4.1 Justifying the use of deductive approach.................................................................48
3.5 Research Design.............................................................................................................48
3.5.1 Justification for choosing descriptive design...........................................................49
3.6 Data collection................................................................................................................50
3.6.1 Secondary data collection........................................................................................51
3.6.2 Primary data collection............................................................................................51
3.7 Methods of data collection.............................................................................................51
3.8 Data Analysis..................................................................................................................52
3.9 Sampling.........................................................................................................................52
3.9.1 Sampling Technique................................................................................................53
3.9.2 Sample Size..............................................................................................................53
3.10 Time schedule (Gantt chart)......................................................................................53
3.11 Ethics........................................................................................................................54
Chapter 4..................................................................................................................................57
Data Analysis........................................................................................................................57
Chapter 5..................................................................................................................................72
Findings................................................................................................................................72
Suggestions...........................................................................................................................73
6
Conclusion............................................................................................................................75
References................................................................................................................................77
7
Chapter 1
1.0 Introduction
While remote work is quickly becoming the norm, conventional IT security measures have
focused on the office and corporate network, ignoring the growing prevalence of remote
workers. Employers and employees alike must be cognizant of the fact that remote work
situations provide a number of cybersecurity threats. Cybersecurity threats such as phishing,
malware, ransomware, and data breaches are prevalent among remote workers. As users are
accessing company data and systems from outside the business perimeter, security risks grow
when workers execute their job obligations from remote locations like home offices or airport
lounges. However, several researches have been imposed upon to come with cyber security
strategies that can be incorporated to manage security of remote workers. In this age of
remote work following security potential is identified as the priority for the people included
in this domain. In order to understand the security risk and the strategies to mitigate those risk
it is important to understand what cyber security is:
Cyber security
The term "cybersecurity" describes the steps taken to keep data, networks, devices, and
computer systems safe from intrusion, theft, damage, and interruption. Security in the digital
realm refers to a wide range of measures taken to protect the privacy, authenticity, and
accessibility of data stored in digital formats.
Important parts of cybersecurity consist of:
Risk management entails finding, evaluating, and ranking potential cyber threats to a
company's data, systems, and networks.
8
When it comes to protecting and making use of digital assets and resources, it's important to
have a set of rules and regulations in place.
Controlling who has access to what in a system or database depends on a number of
elements, including user roles, privileges, and authentication methods.
The process of encrypting data using cryptographic algorithms renders it unintelligible to
anybody other than the intended recipient, regardless of whether the data is intercepted while
in transit or stored.
Security appliances and software that monitor and filter network traffic are known as
firewalls and intrusion detection/prevention systems. These systems restrict unauthorised
access and suspicious activities.
Antivirus and Antimalware Software: Setting up and maintaining programmes that identify,
block, and eliminate harmful software like ransomware, viruses, worms, and Trojan horses.
Password hygiene, phishing awareness, and safe web browsing habits are just a few of the
cybersecurity best practices that staff and consumers may learn about through security
awareness training.
Cybersecurity incidents, such as data breaches or system intrusions, necessitate the
establishment of processes and policies for detection, response, and recovery.
9
Assessing the efficacy of security controls, finding and fixing vulnerabilities, and
continuously monitoring system and network activities are all parts of continuous monitoring
and assessment.
Following all applicable laws, regulations, and cybersecurity standards (e.g., GDPR, HIPAA,
PCI DSS, and ISO 27001) is essential.
Effective mitigation of cyber risks and protection of digital assets necessitates cooperation
among technology specialists, risk managers, legislators, and end-users; cybersecurity is, in
short, a multidisciplinary field.
Remote work
The term "remote work," which can also mean "telecommuting" or "telework," describes
employees who do their job duties away from an office, typically from their own home.
Computers, phones, and the internet allow workers in remote work arrangements to carry out
their job responsibilities and stay in touch with their bosses and coworkers.
Some important features of working remotely are:
Employees who work remotely have more freedom to select where they get their job done,
whether that's from the comfort of their own home, a shared office, or some other appropriate
location. Better work-life balance and higher levels of job satisfaction can be achieved
through this flexibility.
10
Depending on technology to help with communication, teamwork, and getting things done is
a big part of remote work. Software for managing projects and data stored in the cloud, as
well as email, instant messaging, and video conferencing, are common tools for remote
workers.
Tools for Communication: In remote work settings, good communication is key. Video
conferencing software (e.g., Zoom, Microsoft Teams), instant messaging apps (e.g., Slack,
Microsoft Teams), and email are some of the communication tools and platforms that
organisations typically use to enable real-time communication.
Performance Evaluation: New approaches to evaluating the efficiency and effectiveness of
remote workers may be necessary. To make sure that employees are held accountable and
that performance expectations are fulfilled, employers can utilise technologies to monitor
their work hours, tasks, and project milestones.
Work-Life Balance: Employees who work remotely have more leeway to balance their
personal and professional lives, since they can choose their own hours and prioritise tasks.
Possibilities and Obstacles: Working remotely has many advantages, but it also comes with
certain problems, such as working alone, having trouble communicating and collaborating,
and having trouble separating your personal and professional lives. Nevertheless,
organisations may conquer these obstacles and take use of remote work's benefits with the
right kind of help, tools, and communication plans.
11
Thanks to developments in technology and shifts in work culture and attitudes, remote
employment is on the rise. Organisations prioritised employee safety and adhered to social
distancing principles by implementing remote work policies during the COVID-19 epidemic,
which further pushed the adoption of remote work. Consequently, remote work is changing
the face of many sectors and workplaces, and it will continue to do so in the years to come.
Connection between cybersecurity and remote work
Because they don't have to worry about getting to and from work, dealing with workplace
small talk, distractions, and other issues, remote workers are more productive. They also have
more time for themselves, exercise, family, and a better work-life balance. In order to
maintain high productivity and low staff turnover, job happiness is crucial. Post covid era it
has become a trend to ask the employer to provide remote work. For a number of reasons,
remote work has increased the number of people who could be the victims of cyber assaults.
There are fresh openings for cybercriminals to take advantage of because of the growing
dependence on information and communication technologies brought about by the shift to
remote employment. The subfield of information security known as "remote work security"
focuses on safeguarding sensitive company information when employees are not physically
present at an office. The fact that most people use their own devices on public and private
Wi-Fi networks increases the already substantial cybersecurity threats. Someone could have
access to a remote worker's device as well as the network as a whole if the security of
someone else's device is inadequate. Specific challenges that remote work impose on cyber
security are as follows:
1. A wider area to launch attacks
The attack surface for organisations has grown as the number of remote workers has
increased. Kumar Avijit, director of the cloud and infrastructure practice in the IT services
12
team at research firm Everest Group, stated that security staff are frequently overworked due
to the increased number of endpoint devices, networking connections, and software that need
to be protected. "That also adds to the complexity of what [teams] must secure," according to
him.
2. Supervision of data handling by distant workers is lacking or non-existent.
According to Troha, data loss from remote work is still an issue, even though many security
teams have installed mechanisms that prevent employees from transferring critical
information to their local devices. Even at companies with robust data protection rules and
processes, he and other consultants found that work-from-anywhere settings significantly
raise the chance of data breaches and leaks. Because security staff aren't able to keep tabs on
workers when they're not in the office, data breaches, whether accidental or purposeful, are
more likely to occur when employees work remotely. As an example, employees may be
working with sensitive information that might be viewed by anyone, whether they are at
home with loved ones or in a public place. Furthermore, frustrated workers who are looking
for a new job can take pictures of confidential information on their screens while working
remotely, which they probably wouldn't do in an office where they could be seen.
3. Difficulty in meeting data regulation requirements
In a work-from-anywhere setting, organisations may discover that complying with
regulations is increasingly difficult. According to Scott Reynolds, senior director for
enterprise cybersecurity at professional association ISACA, remote workers have the
potential to access and transfer data in a manner that goes against several data privacy and
protection laws and contractual commitments with other organisations. "You may have
contracts that say this data may only be processed in the EU or the U.K.," according to him.
13
"But, if you have workers coming to the U.S. or working remotely elsewhere and they start
working on that data, that introduces a compliance risk."
4. More likely to fall victim to social engineering scams like phishing
Both in-office and remote employees are vulnerable to social engineering assaults like
phishing. Nevertheless, according to Sushila Nair, VP of security services at NTT Data
Services and a member of ISACA’s Emerging Trends Working Group, these kind of assaults
are more likely to succeed when directed towards remote workers. "Research has found that
people working from home can be more distracted and they're more likely to click on
suspicious links," according to her. In addition, unlike coworkers who are physically present
in the office, remote workers have a more difficult time confirming the authenticity of email
communications that claim to have come from coworkers. The likelihood of them falling for
phishing emails pose as requests for sensitive information from legitimate sources, such as
executives, employees, business partners, and coworkers, rises as a result.
5. AI-driven assaults pose a greater threat
According to Ed Skoudis, head of the SANS Technology Institute, a college that is part of the
cybersecurity training, education, and certification organisation SANS Institute, attackers are
increasingly automating social engineering attacks using AI, specifically generative AI
technologies. It may be much more difficult for remote workers, particularly those who do
not frequently meet in person, to differentiate between these types of attacks and genuine
interactions. For instance, if they don't have a rapport with their coworkers, they may miss
the increasingly nuanced language employed by hackers using AI to impersonate colleagues.
On top of that, generative AI makes it easier for cybercriminals to launch phishing
14
campaigns, which means that both in-office and remote workers are more likely to be
targeted.
6. Vulnerable and unprotected hardware
According to Jim Wilhelm, a principal in KPMG's cybersecurity services practice, many
employees use their own devices for work, whether or not they know how to properly secure
and protect them. This is due to a mix of factors, including more remote work and
longstanding BYOD policies. Even though companies can have workers change things like
default passwords, security managers don't always know if employees really do what they're
told. "CISOs have to hope their workers are following their security policies," said Steven
McKinnon of consultancy firm Guidehouse's cyber solutions team, who is also an associate
director for financial fraud and investigation.
7. Networks without proper security measures
The usage of unprotected networks, including public Wi-Fi, is also more likely when workers
are required to work remotely. Attacks can compromise even private home networks.
"Corporations can secure their own networks, but they can't know how any network that's not
corporately managed -- whether it's a network in a worker's house or at their local cafe -- is
configured," said Reynolds. "They're essentially relying on a third party to implement the
needed network security."
8. Vulnerable devices being part of a shared network
Troha warned that the proliferation of users on both public and private Wi-Fi networks
increases the likelihood of cyberattacks. Someone could have access to a remote worker's
15
device as well as the network as a whole if the security of someone else's device is
inadequate.
9. Exploiting Webcams and Zoom Bombing
At the outset of the epidemic, cybercriminals took advantage of the widespread adoption of
unprotected internet collaboration tools including video conferencing. In order to get an
advantage, cybercriminals destroyed online conferences and meetings and lurked unobserved
on Zoom and other platforms. According to Skoudis, security teams hurriedly put defensive
measures in place in reaction to these instances, but the risk of such incidents still persists.
10. Chat platforms' security flaws
Attackers are increasingly focusing on staff chat platforms rather than meetings as a means to
compromise them. "They're getting into an organization's chat, where they'll watch and
monitor for months to see how people are interacting," said Skoudis. "Then, they'll build
relationships, build trust and gather information." He went on to say that remote workers who
rely solely or primarily on the chat feature to communicate with coworkers are less likely to
notice an attacker's ruse.
Rationale behind the study
For several reasons, it is essential to conduct research on cybersecurity solutions for the
modern era of remote work:
Greater Exposure: Cybersecurity risks and vulnerabilities are amplified when employees
work remotely. Workers unknowingly put important information at risk when they access
company networks from different places and devices.
16
The cybersecurity threat landscape is ever-changing, with criminals finding new ways to take
advantage of remote work arrangements through phishing, ransomware, and other harmful
tactics. In order to create effective defences, it is crucial to comprehend these dangers.
Organisations have a responsibility to protect their employees' personal information,
proprietary ideas, and financial records, among other sensitive data. Preventing data breaches
and keeping stakeholders' trust requires strong cybersecurity measures.
Data protection and privacy regulations impose stringent standards on a wide range of
businesses. Taking extensive cybersecurity precautions is essential for complying with
regulations like GDPR, HIPAA, or CCPA, particularly in remote work settings where data
storage and access could be less regulated.
Difficulty with Technology: Technologies like cloud services, collaboration tools, and virtual
private networks (VPNs) are crucial to remote work. It takes expert understanding and
preventative actions to safeguard these technologies against cyber dangers.
Employee Knowledge: It's possible that remote workers aren't as knowledgeable about
cybersecurity as their on-site counterparts. The entire cybersecurity posture of an organisation
can be improved by teaching remote workers best practices, such as creating strong
passwords, recognising phishing efforts, and securely connecting to company networks.
17
Dangers to the Supply Chain: When employees work remotely, they are interacting with
people outside of the company, such as vendors, suppliers, and partners. Cybersecurity
threats need to be addressed efficiently as each additional link is introduced.
Maintaining Operations: Cybersecurity breaches have the potential to halt company
processes, which in turn can cause monetary losses and harm to the company's brand.
Business continuity is guaranteed with resilient cybersecurity measures, even when cyber
threats are present.
Researching cybersecurity solutions in the era of remote work can help organisations find
weak spots, reduce risks, and safeguard digital assets while keeping operations resilient.
Having this information is essential for keeping up with the ever-changing world of
cybersecurity and protecting yourself from new threats.
1.1 Company profile
Currently, Dell is one of the well known companies that provide remote working solutions
for people. They are facing some tremendous cyber security threats though. With 57% of
respondents in India, Australia, Japan, South Korea, and Singapore reporting a cyberattack
that prevented access to data in the past 12 months, concerns over cyber threats are on the rise
and rank high among the causes of organisational disruption, according to a new report by
Dell Technologies.
With $1,000 and a revolutionary idea about the future of technology, Michael Dell
established PC's Limited while still a student at the University of Texas. Upon finishing his
first year of college, he decides to quit his dorm room and focus solely on expanding his
business. The idea has however expanded to the year's revenue of $88.4 billion was a 14%
decrease from the previous fiscal year. The operational income was $5.2 billion, which is
18
down 10% from the previous year, while the non-GAAP operating income was $7.7 billion,
down 11%. For the entire year, $8.7 billion was generated via operating cash flow.
1.2 Objective of the study
● The goal is to protect sensitive information from cybercriminals, hackers, and
other bad actors in order to avoid data breaches and identity theft.
● To lessen the effect of cyberattacks on organisations' operations, reputation, and
money in order to maintain business resilience and continuity.
● To assist the selected business in managing security risks associated with remote
work, Dell Technologies has developed a set of recommendations.
1.3 Limitation of the study
The following are a few of the restrictions:
Ø Sample Size and Representation: The sample size and representativeness may pose
limitations to the investigation. The generalizability of the results to the larger population
of remote workers in India may be impacted by a smaller sample size or a sample that is
biased towards a certain demographic.
Ø Geographical Restrictions: Given that employee work culture ranges greatly
throughout Indian regions; the study's conclusions may be impacted by these restrictions.
A narrow local focus can miss the variety of preferences and variables affecting decisions
across the nation.
19
Ø Time Restraints: Given that employee work culture and market dynamics are subject
to change, the study's timeline may prove to be a constraint. It's possible that changes in
the competitive environment or in employee behaviour that take place after the study
period will not be fully reflected in the data gathered.
Ø Self-Reporting Bias: Relying too heavily on self-reported data may result in bias
because participants may give answers that are skewed by memory problems or social
desirability concerns. This bias may affect how accurate the data collected for the survey
is.
Ø The study may not have taken into consideration all the cultural and societal factors
that affect the decisions made by employees. The study does not thoroughly examine the
manner in which diverse cultural environments and societal trends may influence remote
working and its security.
Ø Rapid technological improvements have the potential to alter cyber security strategies.
It's possible that the survey missed some recent technology advancements.
Ø Constraints on Survey Methodology: The precision and dependability of the study's
findings may be impacted by restrictions on the survey's administration, design, and data
processing methods.
By recognizing and resolving these issues, the study's transparency and trustworthiness will
increase, enabling readers to evaluate the results with a clear knowledge of any potential
limits.
1.4 Scope of the study
There are several important reasons why cybersecurity and remote work go hand in hand:
20
Employees' access to business systems and data from a variety of devices and locations
outside of the typical office setting increases the attack surface for organisations when they
operate remotely. Because of this increased attack surface, fraudsters have greater chances to
launch assaults by taking advantage of security holes.
When employees work remotely, they frequently connect to company resources using their
home networks. However, these networks might not have the same stringent security
measures as corporate networks. Inadequate protections in home networks, such as
unprotected Wi-Fi or out-of-date firmware on routers, put private information at risk.
Device Security: When people work remotely, they often utilise their own mobile devices
(phones, tablets, computers, etc.) to complete job-related activities. Preventing malware
outbreaks, data breaches, and unauthorised access requires ensuring the security of these
devices.
Email phishing, social engineering, and other forms of cybercrime are common ways that
criminals target remote workers. Due to the absence of direct supervision and security
awareness training, remote workers may be more vulnerable to these types of assaults.
Concerns concerning data protection and confidentiality arise with remote work, especially
when employees handle sensitive information outside of the office. Protecting data from
prying eyes requires the use of encryption, access controls, and other methods to avoid data
loss.
21
Secure Remote Access: In order to guarantee that remote employees may connect to
company systems and networks securely, organisations should offer solutions like virtual
private networks (VPNs) and multi-factor authentication (MFA).
Cybercriminals frequently aim their attacks at endpoint devices, such mobile phones and
laptops, because these are easy targets for them when they are trying to obtain unauthorised
access to company networks. To counteract these dangers, it is recommended to implement
endpoint security solutions including firewalls, antivirus programmes, and EDR tools.
In order to reduce the security dangers that come with remote work, it is vital that employees
receive security awareness training. This training should teach them how to recognise
phishing efforts, create strong passwords, and safely access company resources.
In summary, the correlation between cybersecurity and remote work stresses the need for
stringent security measures, greater public understanding of cybersecurity threats, and
security tactics tailored to the specific difficulties of remote labour. Within the scope of the
study certain aspects will be reviewed and important suggestions will be given. Organisations
may reduce vulnerabilities, safeguard confidential information, and guarantee the safety of
their digital assets by making cybersecurity a top priority in remote work programmes.
1.5 Significance of the study
Theft and destruction to any type of data may be disastrous, which is why cybersecurity is
crucial. Information systems used by governments and businesses, as well as private and
sensitive data, protected health information, intellectual property, and other similar assets are
all part of this category. Theft, loss, or accidental disclosure are all more likely to occur when
22
employees use company devices at home. Data and information stored on that device are
protected from easy access by encryption. This is of utmost importance if workers keep
sensitive information about other people. To gain an edge in the digital world and reduce the
risks of cyber threats, organisations must prioritise the security of sensitive data and ensure
business continuity. Hence, the research topic chosen is immensely an important one to focus
furthermore.
1.6 Statement of the problem
Employees who do their jobs from home frequently access company resources using
unprotected home networks or public Wi-Fi hotspots. Hackers can get unauthorised access to
these networks and use them to intercept data or attack distant equipment. The cyber security
risks can be summarised as:
● devices could be stolen or lost due to a lack of physical security measures.
● eavesdropping—as data transfers across open networks.
● unapproved access to computer systems or data — maybe by glancing at the screen.
● observing and modifying data — in the event that an unauthorised individual has
access to the gadget.
23
Chapter 2
Literature Review
2.1 Introduction
Although remote working has become an important aspect of worker’s lives. The possible
threats to the safety of remote workers include:
● Using unsecured public or home Wi-Fi networks to access company data and systems
could leave a corporate network vulnerable to unauthorised access.
● Leaving their desks unattended at public place
● Clicking on malicious web links
The study tries to identify these threats and work out probable solutions to manage the threats
so that there is smooth risk free remote work achieved.
2.2 Review of existing Literature
Borkovich, and Skovira, (2020) explains that businesses and individuals throughout the world
are being cautioned by experts in the field of technology and cybersecurity about the growing
danger of cyberattacks. After the COVID-19 pandemic hit, the number of successful attacks
in the United States increased by 600% (Inglet, 2020) and worldwide by 300% (FBI IC3
Report, April 2020), according to the FBI.
As a result of the covert danger posed by COVID-19, more and more individuals are working
remotely or telecommuting, which has led to an upsurge in successful attacks. When
employees open attachments, have more access to data or administrator rights than needed,
save sensitive information to thumb drives, send work emails to personal accounts, or share
documents they shouldn't, organisations reveal their weakest link: their employees. Our
studies centre on the challenges that remote workers face when it comes to cybersecurity,
namely the ongoing battle to protect sensitive company and personal data when not in an
24
office setting. Thus, this article delves into the cyber dangers and benefits that businesses and
individuals experience when employees operate remotely. It goes on to provide suggestions
for reducing the negative cyber impacts on teleworkers and their organisations.
Hijji, and Alam, (2022). Explains that due to its direct impact on organisations' key assets and
information, cybersecurity currently plays an essential role in computing and information
technology. Organisational assets and information can be safeguarded from a variety of
harmful assaults and vulnerabilities by the application of cybersecurity measures such as
integrity, availability, and confidentiality. Businesses are facing new cybersecurity risks as a
result of the COVID-19 epidemic, particularly as more and more people work from home.
Cybersecurity has recently emerged as a top priority for businesses as they accelerate their
digital transformation. Organisations often shell out a hefty sum for software and hardware
system security measures like encryption techniques, intrusion detection systems, antivirus
software, and antispyware software. The growing number of security flaws discovered during
the COVID-19 epidemic means that these fixes are insufficient, and organisations are still at
danger. Developing a system to educate and train remote workers on cybersecurity is an
urgent requirement. The overarching goal of this study is to provide a Cyber Awareness and
Training (CAT) framework that can be used by organisations to assess their employees'
cybersecurity skills. Many businesses will be able to safeguard their assets and vital data with
the help of the suggested CAT framework, which will facilitate the efficient and effective
management of security-related concerns and obstacles. Three main tiers and twenty-five
essential practices make up the created CAT framework. In order to assess the practicality of
the CAT framework in actual organisational contexts centred around cybersecurity, case
studies are carried out. The results of the case studies showed that the suggested CAT
framework can assess the current skill levels of staff members and then provide them with the
25
necessary training to successfully address the cybersecurity threats that their organisations
encounter.
Nyarko, & Fong, (2023, January) explains that managing the security risks connected with
remote work is critical for organisational development, since it has become an integral aspect
of keeping operations functioning. The purpose of this research is to learn how
telecommuters adhere to the cybersecurity policies and regulations of their respective
companies. This research aims to explore the difficulties remote workers encounter, the
techniques that organisations employ to maintain good cyber security compliance, and the
ways in which compliance is lowering cyber risk exposure. In addition, it will help
employees enhance their cybersecurity compliance by collecting the best compliance
methods utilised for trust maintenance, protecting, and decreasing insider risk/human error.
Examining the cyber security compliance knowledge, dedication, and drive of remote
workers is the goal of this mixed-method study. The results reveal that despite the majority of
companies have plans to ensure that their remote employees are compliant with cyber
security standards, over 50% of those surveyed either do not know about these standards or
have not received the training they need to be compliant.
Nwankpa,and Datta, 2023 says that organisations face a formidable obstacle as a result of the
confluence of growing cybersecurity threats and the prevalence of remote labour. Concerns
about cybersecurity risks and dangers have not been adequately addressed, even as more and
more companies are moving towards remote workers. In order to understand how remote
work could cause a moral hazard in terms of cybersecurity awareness and security-based
precaution-taking among employees, this study utilises the Peltzman Effect and the
complacent framework.
26
Results from the survey of 203 American remote workers lend credence to the study's
hypotheses. The data show a positive correlation between remote work and cybersecurity
knowledge and security-based precaution-taking, which goes against popular assumptions
regarding remote employment. Compliance with information security policies also mitigates
the impact of remote work on cybersecurity awareness, according to the results. Furthermore,
the study shows that remote workers are more inclined to implement security-based
precautions when they become more knowledgeable about cybersecurity. Researchers hope
these findings will help managers better understand the risks of remote labour in light of
existing theoretical frameworks on security-precaution behaviours.
Bispham, et al. (2021) explains that in light of the current COVID pandemic, this report
details the results of an exploratory study that looked at the potential consequences of a
change to WFH. There has to be a shift in perspective, according to exploratory interviews, as
the media and literature on the subject are fixated on growing cybersecurity worries. The
current emphasis on security issues related to WFH is vital, but it misses the bigger picture.
Equally important is determining whether early WFH adaption and experiences led to
cybersecurity techniques and infrastructure that have permitted WFH on a substantially larger
scale. Is it feasible that cybersecurity advancements have actually facilitated WFH and other
forms of remote telework for certain sorts of work and certain types of people? Many people
use a combination of working from home and going into the office, or a combination of the
two, and this question offers a foundation for further study into whether cybersecurity hinders
or facilitates WFH behaviours. To gain a more empirically grounded perspective on whether
cybersecurity has turned into an enabler of remote work, we propose survey research and
selected case studies on multiple well-defined groups of people. This is necessary because
even experts in the field of WFH have limited viewpoints.
27
Weil, & Murugesan, S. (2020) says that decisions made by stakeholders and executives in
organisations have contributed significantly to the COVID-19 issue, which has resulted in a
cyber pandemic Data breaches now cost an average of $4.24 million, but many business
owners still believe their company is safe from attack. Professionals in the field dispute this.
No longer is the question of whether an organisation will be attacked in today's climate, when
many have been compelled to close their doors and send employees home, but rather, when
will it happen? The shift towards a "perform any aspect of the job from any location"
mentality among many managers is largely to blame for this development in the modern
workplace. A cyber pandemic has broken out because thieves now have a far larger target
pool to attack.
The emerging cyberworld, wherein more workers do remote work, data resides in more
locations and is transferred more regularly, and workers frequently use new technology,
deserves our attention. Organisations can better equip themselves to defend against
cybercrime in the age of COVID-19 by utilising rational choice theory, which delves into the
ideas related to decision-making in this new reality.
Pandya,et al (2024) says that in 1918 the pandemic of plague had adversely hit the economy .
It was not possible for people to move out and carry their work. It took years globally to get
economically stable. In a situation like that people then could hardly do anything. Today
again in 2020 we are facing a similar situation globally .However, thanks to technology today
people aren't that helpless work wise. We have the option of working from home. There are
many things the Internet and Internet based technology has made it possible today. Although
this is a blessing it also brings along some threats which we need to be aware of and address
28
them. This research paper is an attempt to highlight some important cyber security threats and
measures when using different apps and tools while working from home.
Milson, and Altan, (2023) says that there are new cybersecurity opportunities and threats
brought about by the rise of remote work. This article delves into the unique difficulties that
organisations encounter when they attempt to secure remote work environments amongst the
complexity of the task. System decentralisation and the
Traditional security measures confront major challenges due to the varied assortment of
devices and networks used by remote employees, which greatly increases the attack surface.
This study explores the complex issues, such as the increased vulnerability to social
engineering and phishing attacks in remote locations, the increased risk of cyber threats from
unprotected home networks, and the potential weaknesses in personal devices used for work.
Furthermore, the intricacies of managing and preventing data loss across different devices
and cloud services are examined. This study presents a thorough set of recommendations to
strengthen cyber security in remote work settings in light of these difficulties. These practices
include recommending the use of VPNs for secure networks, adopting strong authentication
techniques like multi-factor authentication (MFA), and stressing the need of regular updates
and patch management to reduce vulnerabilities. Security of cloud services and
communication tools that are essential to remote work operations, as well as an agile incident
response strategy, are emphasised. Network activity monitoring is also important.
Malecki, (2020) explains that Because of the COVID-19 epidemic, companies have had to
adjust their methods of operation. In an effort to safeguard their citizens and limit the virus's
29
global spread, countries have enacted regulations. Entire workforces have begun working
remotely as a result of these measures, which include tight lockdown and social distance.
Because of the COVID-19 epidemic, companies have had to adjust their methods of
operation. There is now the biggest remote workforce in history, with millions of people
doing remote work from the comfort of their own homes.There is now the biggest-ever global
remote workforce, made possible by millions of people working from the comfort of their
own homes. Entire firms have come to rely on IT teams to build up work-from-home options.
The data security risks associated with relocating millions of personnel, their computers, and
their data from a protected office environment are already high, and they become much worse
when the transition has to be completed quickly. There is a lot on the line for companies,
since the risks can vary from minor technological issues and human mistakes to massive
ransomware attacks. Never before has the importance of IT teams' contributions to company
continuity been greater.
Georgiadou et al. (2022) says that telework became an absolute need post covid, and this
research seeks to assess the cyber security culture readiness of organisations across various
countries and industries. During the COVID-19 pandemic, we created a survey specifically
for employees who were working remotely and administered it on the web. From April 7th,
2020, to May 3rd, 2020, participants had nearly a month to fill out the brief survey, which
included no more than 23 questions. Over that time, 264 people from 13 different European
nations took about 8 minutes to fill it out. Individual and organisational information security
preparedness and resilience were the subjects of evolutionary conclusions derived from
multi-perspective analysis of collected data. This study presents and discusses results in detail
while highlighting potential future scientific and research directions. Several cyber security
30
advice are offered to address the newly discovered vulnerabilities and the necessity of
evolving security culture.
Ramadan et al. (2021), says this article reports the results of an exploratory study that looked
at the potential consequences of a change to WFH. There has to be a shift in perspective,
according to exploratory interviews, as the media and literature on the subject are fixated on
growing cybersecurity worries. The current emphasis on security issues related to WFH is
vital, but it misses the bigger picture. Equally important is determining whether early WFH
adaption and experiences led to cybersecurity techniques and infrastructure that have
permitted WFH on a substantially larger scale. Is it feasible that cybersecurity advancements
have actually facilitated WFH and other forms of remote telework for certain sorts of work
and certain types of people? Many people use a combination of working from home and
going into the office, or a combination of the two, and this question offers a foundation for
further study into whether cybersecurity hinders or facilitates WFH behaviours. To gain a
more empirically grounded perspective on whether cybersecurity has turned into an enabler
of remote work, we propose survey research and selected case studies on multiple well-
defined groups of people. This is necessary because even experts in the field of WFH have
limited viewpoints.
Khan et al. (2022) explained that the rapid global spread of coronavirus illness (COVID-19),
one of the worst pandemics of this century, has tremendous global effects. Because of this,
the WHO declared it a pandemic. Several nations have implemented new measures in
response to the COVID-19 pandemic, including curfews, mandatory handwashing, and the
closure of organisations, businesses, and airports. Concurrently, those with white hats are
making every effort to accommodate the epidemic. On the one hand, white hats are
31
safeguarding the public, but on the other, cybercriminals are capitalising on the situation,
leading to a widespread epidemic. This study delves into the current state of cybersecurity,
shedding light on hitherto unexplored facts and associated studies. Cyberattacks that occurred
during the COVID-19 pandemic are detailed in this article. The World Health Organisation
(WHO), reputable groups, news outlets, official government reports, and existing research
articles have all contributed significantly to the body of knowledge. The report continues by
categorising the many cybersecurity dangers and attacks that occurred during the COVID-19
period, and then it offers solutions and advice for each category. This article informs on the
current state of cybersecurity threats and attacks, as well as a historical overview of these
threats and responses. On top of that, it's a start in the right direction towards studying the
pandemic's impact on the country's infrastructure and the social behaviour of hackers and
criminals.
Dutta et al. (2022), while the fast advancements in cybersecurity have been a major emphasis
for remote businesses and workers, this article also delves into how employees felt about
working remotely during the COVID-19 epidemic. Seven people were interviewed and forty-
seven people filled out surveys; all of them were employees or contractors of the
International Telecommunication Union (ITU) at the time of the research. According to
research on remote workers' perspectives and experiences, the most highly regarded
advantages of remote work are its adaptability and time-saving efficiencies, whereas the most
negative aspect of pandemic teleworking is the absence of social interaction.
Additional research is needed to confirm the correlation between younger age and reported
lower levels of motivation at work. Although the teleworkers in the study did not see an
extraordinary amount of cyberattacks, the interview questions proved that cybercriminals
took advantage of the weaknesses in teleworking and ramped up their attacks during the
32
epidemic. During the Coronavirus cyber crisis, quick modifications and enhanced cyber-
protection on the part of employees probably averted additional damage, but they couldn't do
away with cyberattacks altogether. There is an insurmountable danger to the security,
resilience, and efficiency of both individuals and organisations from the persistent
cybersecurity flaws, particularly in the use of personal devices.
Senapati, and Bharathi (2023) explains that with the sudden shift towards "Remote Work,"
it's clear that people with experience and those fresh to the internet were equally unprepared
for the prevalence of cyber threats. There are several factors that contribute to the information
security risks associated with remote work. These include people's careless internet habits
(such as using unprotected home networks or unpatched software), organisational policies
that fail to address cyber security, insecure teleconferencing and video conferencing
practices, and intense cyber-attack techniques. This study delves into these aspects and
reveals the major determinants of cyber security compliance in remote work. In order to
comprehend the gaps that are leading to the introduction of new vulnerabilities, the research
examined the aforementioned elements. Primary quantitative data for the study came from
online surveys, making it an empirical study. The people who worked from home throughout
the epidemic are the intended subjects of this study. Partially Least Squares Structural
Equation Modelling (PLS-SEM) was used to analyse the primary data collected for the study.
We found that employees' knowledge of cyber security best practices, their awareness of
recent cyber-attacks, their habits when using the internet, and their habits when using secured
video conferencing all had a positive correlation with employees' compliance with the
company's cyber security best practices. Organisational security compliance and employee
cyber security knowledge are unaffected by business rules and procedures, according to the
theory. The aforementioned hole in the present study can be filled with additional research.
33
Soni, et al. Sharma, (2020) says the work culture that an organisation offers its employees has
a significant impact on its reputation. This is why "flexibility" is increasingly being
incorporated into an employer's back its workers up. As a result of the unusual spread of the
novel coronavirus (COVID-19), many organisations have implemented policies that allow
employees the freedom to work remotely. This shift to digital occurred practically
immediately.
Therefore, nobody was adequately ready for this—not the workers nor the bosses. Our lives
are unquestionably made easier by this. On the other hand, there is a perspective that worries
about the security risks associated with individual devices and networks. There is a lack of
compliance with the employer's security standards in the configuration of the home network
equipment. For that reason, there is more ground for attackers to cover. This study provides a
comprehensive analysis of the security concerns and difficulties encountered by both
employers and employees in the context of remote employment.
The cybersecurity risks that have surfaced throughout the epidemic are the primary focus of
this article. This piece of work depicts the difficulties that both employees and employers are
experiencing at the moment. Next, the article delves into the topic of the abrupt increase in
cyberattack volumes from January 2020 to March 2020. Additionally, the company's
assessment of key risks in both the on-site and remote work paradigms has been detailed. The
hazards that the COVID-19 affected planet may face in the not-so-distant future are then
detailed. Lastly, the article suggests a few methods that businesses might find a happy
medium between employee freedom and the safety of their assets.
2.3 Case examples of cyber security threats in India
The exponential growth of internet use in India in the late 90s and early 2000s heralded the
beginning of the country's digital revolution. Digital technology has become an integral part
34
of people's daily lives, thanks to technical breakthroughs and liberalised telecom legislation.
Cybersecurity has grown in importance due to the proliferation of online banking, e-
commerce, and government digitization. The need to protect vital infrastructure, financial
systems, and personal data prompted the creation of specific rules and the launch of
specialised institutions.
Attack on Cosmos Bank's Cybersecurity Data Breach in Pune
Cosmos Cooperative Bank was the victim of a severe cyberattack in August 2018 in Pune.
The perpetrators of the enormous financial breach used complex methods, such as malware
insertion and illicit transactions, to achieve their goals. Unauthorised withdrawals from
multiple accounts caused a great deal of financial hardship in the aftermath.
The significance of frequent security audits, strong authentication procedures, and real-time
monitoring in financial institutions was highlighted by this occurrence. When it comes to
protecting financial institutions from ever-changing cyber dangers, STL Digital is at the
forefront of the pack.
Second cyberattack: exposed Aadhaar information (2017–2018)
Multiple alarming data breaches involving Aadhaar, India's national biometric identity
system, occurred in 2017 and 2018. Aadhaar databases were among the targets of the
breaches, which also included the unauthorised disclosure of personal information on public
platforms. More than 1.1 billion people may have been vulnerable to fraud and identity theft
as a result of these breaches, making them very consequential. Names, residences, biometric
data, and, in certain instances, bank account details associated with Aadhaar were among the
stolen records. These hacks highlighted once again how important it is to take precautions to
protect people's private data in our increasingly digital society. STL Digital provides state-of-
35
the-art solutions to strengthen digital identity systems and promotes stringent data protection
protocols.
Attack #3 on Cybersecurity: WannaCry Ransomware (2017)
One of the worst cyberattacks ever was the WannaCry ransomware outbreak that happened in
May of 2017. Among the countries hit hardest by the WannaCry virus, India ranked third,
with over 2 lakh computer systems affected. Some businesses in Gujarat and Tamil Nadu
were among the banks in India that were targeted by this ransomware attack. This worldwide
cyberattack affected numerous important institutions, including financial institutions,
government bureaus, and healthcare providers. The assault encrypts files and demands
Bitcoin as ransom for their decryption, taking use of a security hole in older versions of
Windows. Unpatched systems were infected with the ransomware, which caused extensive
disruptions as it spread rapidly. The need of thorough backup systems, strong firewalls, and
frequent software updates in protecting against similar threats was highlighted by this attack.
The fourth cyberattack occurred in 2014 and focused on vital infrastructure.
With a string of focused cyber-attacks on vital infrastructure, cyber risks to India significantly
escalated in 2014. The electrical, telecommunications, and transportation systems that are
fundamental to the country's operation were the targets of this assault, which was carried out
by an organisation called Operation Crouching Yeti. Service interruptions or worse outcomes
might have resulted from the assaults, which sought to target weaknesses in the digital design
of the system. The cybersecurity solution offered by STL Digital lessens the likelihood of
vulnerabilities and attack surfaces.
Fifth Cyber Attack: Attacks against Demonetization (2016)
36
Cyberattacks on India increased after the country's massive demonetization in 2016, which
was a response to the country's new currency. Cybercriminals aimed to capitalise on the
financial uncertainties caused by the government's decision to invalidate high-value currency
notes. It is crucial to raise awareness about the importance of cybersecurity and take steps to
protect ourselves against phishing and other fake websites that target individuals and
financial institutions.
A heightened focus on cybersecurity awareness and procedures was in response to threats
related to demonetization, underscoring the crucial importance of people and businesses
being on high alert to protect their financial assets in an increasingly digital world. It is
becoming increasingly evident as we move through these watershed points in India's
cybersecurity history that the digital world is dynamic and fraught with threats that require
our constant vigilance. These occurrences are merely the tip of the iceberg. The cybersecurity
resilience of India has been permanently damaged by five additional major cyberattacks.
2.4 Security risks of remote working
Workers may unwittingly expose the company to possible assaults and other issues due to
inadequate cyber security procedures in the absence of a working office environment's secure
infrastructure. Listed here are a few of the most significant dangers associated with remote
employment.
An uptick in phishing attempts
Phishing attempts are one of the major dangers that companies face when their employees
work remotely. Hackers have gotten much better at using phishing to trick individuals into
giving over sensitive information by making themselves look like a trustworthy source. This
37
increases the risk that employees may provide critical information to the hacker because they
are unable to distinguish between these requests and legitimate work. With this knowledge in
hand, they can commit a plethora of crimes, such as account theft, identity fraud, and more.
This is a possibility in every business, but it becomes much more so when employees are
required to work from the comfort of their own home. This is because working alone
increases the importance of email communication. It's not as simple as walking up to a
coworker or boss in the office and asking if they sent that message or email. Educating staff
about the signs of a phishing attempt and the various anti-phishing tools available is the
greatest approach to reduce this risk.
Home devices without security
When employees work remotely, they often use their own devices rather than the ones given
by their employer. The security of personal computers and laptops is typically lower than that
of business systems, which can result in significant vulnerabilities and threats.
Companies that take cyber security seriously will most likely implement VPNs and other
single sign-on solutions. So long as only authorised devices are able to access the company
network, everything can be easily safeguarded. Yet, if an individual is merely doing a short
activity while working from home, they are unlikely to consider using a virtual private
network (VPN) or encryption software on their phone.
Transitioning from an office job to full or hybrid remote work can make you forget to
properly integrate the security elements you're accustomed to in your home setup. It's easy to
take these features for granted. Hackers now have a new vector to exploit, and it's not only
38
mobile devices like phones and laptops. Another potential physical risk is that sensitive
information may be exposed when remote workers print company documents using their
personal printers. This is because they may not have access to a shredder.
A lack of strength in passwords
Employees should use secure passwords on all of their devices when working remotely; this
is one of the easiest, yet frequently overlooked, ways to safeguard themselves.
Cybercriminals have an easy way to breach accounts and access confidential company data
due to human mistake, which is one of the major threats to remote work. There are various
methods that hackers can use to crack weak passwords.
To get in, they'll test a variety of passwords that are commonly used by employees and create
a list of them. When it comes to working from home, one of the biggest security risks is using
weak passwords or passwords that are reused. Once a hacker gains access to one account
using a weak password, they will most likely attempt the same password on other accounts.
The likelihood of a cyberattack increasing dramatically increases when employees reuse
passwords, particularly when doing so across both personal and work accounts.
General Data Protection Regulation and data security standards
Data security and the constant observance of GDPR are both made more difficult for
employers when employees work remotely. Any company worth its salt will take reasonable
precautions to safeguard customer information and will not knowingly allow data breaches to
occur.
This becomes much more difficult to accomplish when your staff members are operating
from a distance. Having a strong remote work policy that specifies which employees have
39
access to company servers, what data they should use, and how to use it is a solid method to
overcome this danger.
Video and webcam eavesdropping
A common component of remote work is the use of video conferencing tools like Zoom,
Teams, or similar platforms to keep staff linked and ensure regular communication.
Regrettably, hackers are well-aware of this and can devise methods to compromise webcams,
so interfering with online meetings. Because they can blend in with the crowd, they can
stealthily listen to the meeting and take notes on any sensitive topics that may be mentioned.
Then they can utilise those notes in another attack.
2.5 Steps undertaken to manage cybersecurity in India
In today's highly technological digital world, the best approach for organisations to protect
their IT infrastructure is to maintain sufficient cyber security measures. Both businesses and
government officials are being hurt by these threats. A cyber-secure environment can be
maintained and risks connected with cyber threats can be mitigated if the Indian government
takes action to strengthen cyber defences. There has been a steady rise in the frequency of
cyber security incidents. Using data compiled by India's computer emergency response team
(CERT-in), Mr. PP Choudhary, India's minister of state for electronics and IT, announced
that 4,4679, 49455, and 50362 cyber security incidents occurred in India in 2014, 2015, and
2016. The government has launched certain cyber security programmes, which will be
covered later on, but it needs to take even bolder steps to tackle the problem.
1. The Indian Computer Emergency Response Team (CERT-In) is one of the cyber security
initiatives undertaken by the Indian government.Cyber assaults on government networks have
40
decreased thanks to the development of the Indian Computer Emergency Response Team
(CERT-In), the national body responsible for cyber security.
2. Online Safety Bharat
In keeping with the government's goal of creating a "digital India," the Cyber Surakshit
Bharat programme has been launched by the Ministry of Electronics and Information
Technology (MeitY) with the aim of enhancing India's cybersecurity ecosystem. The
initiative benefited from the collaboration of the National Electronic Governance Division
(NeGD).
3. Lastly, the NCIIPC, or National Critical Information Infrastructure Protection Centre
With far-reaching implications for public health, economic development, and national
security, NCIIPC is a federal institution established to safeguard vital information about our
nation. According to NCIIPC, the following are the most important "critical sectors": Energy
and Power Banking, Insurance, and Financial Services, telecommunications, public sector,
and government
4. Selecting Heads of Information Security
App, infrastructure, and compliance security best practices are detailed in a new document
produced by the Indian government for chief information security officers (CISOs) of
government organisations. The role of the chief information security officer (CISO) is to
anticipate and record any security needs that may develop in response to new technological
developments.
5. Protecting Individual Privacy
The Union Government's ratification of the Personal Data Protection Bill, which prioritises
data localization and aims to safeguard Indian users from global breaches, is the most crucial
one for Indian citizens. The bill's provisions solely address the processing and storage of
sensitive personal data pertaining to Indian citizens. It specifies that sensitive personal
41
information should be kept locally, but under some circumstances, it can be processed
elsewhere. Additionally, the law seeks to hold social media corporations to a higher standard
of accountability and encourage them to address the issue of inappropriate information.
6. "Cyber Swachhta Kendra" (Centre for Malware Analysis and Botnet Cleaning)
Part of the Indian government's Digital India initiative, the "Digital Swachhta Kendra"
(Botnet Cleaning and Malware Analysis Centre) aims to ensure a safe online environment for
all Indians by detecting botnet infections and providing guidance, cleaning tools, and end-
user security measures to ward off new infections. It is overseen by the Ministry of
Electronics and Information Technology (MeitY).
To achieve the objectives of the "National Cybersecurity Policy," which mandates the
establishment of a safe cybernetic ecosystem in the nation, the "Cyber Swachhta Kendra"
(Botnet Cleaning and Malware Analysis Centre) was established.
Collaboration and cooperation between the centre, ISPs, and antivirus/product manufacturers
is strong.
In order to assist users in safeguarding their systems and devices, the website offers both
information and tools. As per the provisions of Section 70B of the Information Technology
Act of 2000, the Indian Computer Emergency Response Team (CERT-In) hosts this facility.
2007. The 2013 National Cyber Security Policy. For the benefit of individuals, companies,
and the government alike, the Policy seeks to establish a robust and secure cyberspace.
By coordinating the efforts of institutional structures, people, processes, and technology, the
objective is to safeguard cyberspace information and infrastructure, build resilience to
cyberattacks, and minimise damage. With the help of training, education, and capacity
building, we want to produce 500,000 qualified cybersecurity experts in the next five years.
Strengthen law enforcement's capacity to detect, investigate, and prosecute cybercrime
through the proper legislative action.
42
In order to tackle cyber security challenges and enhance their national implementation,
experts have proposed the establishment of a National Cyber Security Agency (NCSA). It is
anticipated that the agency will have personnel on hand who are technically adept and
capable of encrypting platforms. Another step is to establish the National Cyber Coordination
centre, which will serve as an electronic surveillance agency and coordinate the intelligence
collection efforts of several departments.
43
Chapter 3
Methodology
3.0 Introduction
The selection of appropriate methodology to conduct the research in context of the identified
research problems is necessary to reach objective based outcomes (Bergh and Ketchen,
2009). The current chapter deals with the identification of the most suitable research
paradigm, approach, design, data collection and analysis method that is applicable to resolve
the research questions. According to Saunders et al. (2009), research methodology involves
the research study of the research topic and thus complete and analyse the research process in
details. Researcher in this research carry out the detailing and analysis process through
collecting the data and thus in accordance to it relate it and analyse the collected data through
the process of research methodology.
Researcher in this process implements various concepts and theories in the research, which
help the researcher to analysis the research topic in a far better way. Thus, researcher
methodology helps the researcher to implement these various theories and concepts and thus
to analyse the research topic in a more detailing way. Implementation of various theories and
concepts also help the researcher in the research methodology to analyse the corporate social
responsibility in ensuring the sustainability of the business operations globally (Bergh and
Ketchen, 2009). Though however, research methodology sometimes leads to an error which
may sometimes leads to a limits to the researcher to carry out the research process in detail.
3.1 Methods outline
The type of investigation carried out in the current research is descriptive that helps to
conduct a comprehensive study. The choice of research philosophy is positivism and the
research process implemented is deductive approach. Positivism paradigm and deductive
44
reasoning help to test the exiting theories with the help of empirical data obtained through
primary research. Primary data is collected by implementing mixed method, i.e. combination
of quantitative data collection. The research strategy to collect quantitative data was survey
questionnaire distributed to 100 employees of Dell Company.
3.2 Research Onion
Layers in the research onion developed by Saunders et al. (2009), provide a systematic
framework to carry out the research in an orderly manner. Harrison and Reilly (2011) argue
that the research onion gives a generic research process that helps the researcher to resolve
underpinning issues of making choices for data collection methods and strategies. Unfolding
each layer of the onion step by step, helps to reach the core. The stages in the research onion
start with the identification of most suitable philosophies in the epistemological standpoint,
followed by approaches whether deductive or inductive, strategies such as surveys, case
studies, action research to choose from. The next layer talks about choices to be made,
whether to use mono, mixed or multi methods. In order to proceed with the choices made, it
is necessary to develop a time frame in the form of time horizons and carry out either a cross
sectional research or a longitudinal study. The final layer of the research onion provides the
data collection and data analysis to be followed and obtain the findings to get the outcome.
45
Figure 1: Research Onion
(Source: Saunders et al. 2009)
As illustrated in the above diagram, research onion helps in study of each layer of research
techniques that will enable better research and more information for the result analysis. A
researcher needs to follow each layer of research onion so that a structured procedure is
adopted for the research process.
3.3 Research Paradigm/Philosophy
46
Philosophy
Interpretivis
Realism Positivism
m
Epistemology deals with the nature of knowledge perceived by the researcher as to what is
acceptable knowledge. Positivism, interpretivism and realism are the key paradigms that
constitute the philosophical standpoint of epistemology. Positivism philosophy assumes that
material facts already exist in the universe and just need to be analysed using scientific
method (Freshwater, 2007). Positivism supports academic studies that are formed on the basis
of social realities in a methodical system that replicates the process as used in accepted
science. Interpretivism is an anti-positivist theory, and assumes that social research cannot be
simply tested using scientific research. On the other hand, realism assumes that objects that
exist in the universe can be felt by the human senses but are not dependent on human acuity
and perception. Pragmatism is a different research philosophy that argues that research can be
conducted using the positivist and the interpretivism approach.
Positivism supports objective based studies and extensive data testing using scientific process
(Doman, 2011, p265). As opposed to positivism, the philosophy of interpretivism supports
subjective based studies where in-depth qualitative analysis can be carried out. Hence,
quantitative analysis obtained by interacting with survey from employees of Dell company.
Hence, positivism philosophy has been implemented to conduct this research.
47
3.3.1 Justification for selecting positivism
Positivism assumes that the purpose of scientific research is to uncover the truth and make is
possible to predict and control. It supports objective based studies using scientific principles
as used in natural sciences. Interpretivism is a philosophy that is subjective and socially
constructed through human reasoning and perceptions, and does not involve data testing.
Interpretivism is considered weak for the study because human reasoning and arguments
cannot be feasible to test the existing theories and reach suitable outcomes. Positivism is
considered appropriate for the current study as it align well with the deductive process as
applied in this research so as to test existing theories with the help of data collected through
empirical research.
3.4 Research Approach
The selection of research approach, whether inductive or deductive depends on the nature of
the research topic and the complexity of the problems identified. Inductive process is a theory
building approach that starts with observation and data collection, formulating tentative
hypothesis, analysing the collected data and finally the development of new knowledge
(Freshwater, 2007). As opposed to inductive approach, the deductive process starts with
extensive study of existing theories, followed by identification of research gaps and
hypothesis development, analysing the existing data using scientific methods and finally
testing the existing studies (Bryman and Bell, 2011).
48
Deductive approach follows a general to a specific process and narrows down theoretical
knowledge after testing. However, inductive approach follows a specific to a general process
and extends conceptual knowledge to develop a new theory.
Deductive approach is a theory testing process, which helps to test existing theories and
conceptual models with the help of empirical data obtained from primary research. On the
other hand, inductive approach is a theory building process where the research starts with
careful observation of phenomena, followed by hypothesis development and confirmation
(Meyers and Woerkom, 2014).
3.4.1 Justifying the use of deductive approach
Deductive approach is appropriate for the research as broad literature comprising of
theoretical models are tested with the help of first-hand/empirical data obtained through
surveys and interview, i.e. primary data. Inductive approach is not suitable for the study
because the scope for new theory development is very limited due to the fact that social
media theories and brand identity are common areas of study in the field of cyber security
related research (Huxham and Vangen, 2008). Moreover, the inductive process makes
extensive use of secondary data analysis and quantitative data interpretations, which are not
extensively used in this research. New knowledge developed on the basis of primary research
findings such as observations may not always be underpinning and could be subject to
criticisms (Saunders et al. 2009). Hence, in order to avoid any complexity due to new
knowledge development the inductive approach is avoided and testing existing theories,
following deductive approach is found feasible to carry out the research.
In the current research, the use of inductive approach cannot be made as this approach is
supported by interpretivism and qualitative data analysis.
3.5 Research Design
49
The major types of research designs used in an academic research are in form of exploratory,
explanatory and descriptive. Exploratory design is followed when the research problems are
not completely clear to the researcher and it helps to obtain peripheral information relating to
the area under study (Bryman and Bell, 2011). This design only provides a base level
knowledge that may be utilised to develop a research hypothesis.
On the other hand, explanatory design helps to establish relationship between variables while
explaining ‘cause and effect’ relationship (Denzin and Lincoln, 2011). Descriptive design
helps to carry out an extensive research and explore the answers to the identified research
problems from several dimensions such as what?, Why?, Who?, How? and When?.
Research Design
Exploratory Explanatory Descriptive
Figure 7: Research Design
(Source 7: Saunders et al. 2009, pp-52)
3.5.1 Justification for choosing descriptive design
In case of research design, the descriptive investigation will consider as it helps in providing
the broader perspectives of the research to the researcher and after following this, the
50
researcher can develop their own reasoning and the ideas. It helps in giving the detailed
analysis and also the useful description about the topic (Meyers and Woerkom, 2014,
pp.202). Exploratory research is not found to be suitable for understanding the volatility of
exchange rates and its impact on business because it will only help to give a marginal
information. Similarly, explanatory research will only help to establish the relationship
between the key research variables instead of in-depth qualitative analysis.
Descriptive research design is found to be suitable for the study because the nature of the
problems in this research is clearly identified and defined. The current research has formal set
of objectives and uses a mixed method towards data collection, which is supported by
descriptive design. Exploratory design is considered weak for the study because obtaining
background information will not be adequate enough to resolve the research issues.
Using descriptive research, the various areas that impact cyber security is identified which
helps to will be investigated from multiple dimensions.
3.6 Data collection
The accurate result achievement for a research topic is largely dependent on the derivation of
relevant and significant data through application of correct and most suitable data collection
procedures (Onwuegbuzie and Leech, 2009, p. 376). In order to undertake a properly
51
formatted and standard research work, this research adopts the method of applying both
primary and secondary data collection procedures.
3.6.1 Secondary data collection
The secondary data collection is executed prior to the primary data collection method.
Secondary data regarding the cyber security and remote work are retrieved from the relevant
journals, articles, books and magazines. In order to refine the research and make it more
informative and current data enriched, website contents are also accessed. As put forward by
Toloie-Eshlaghyet al. (2011, p. 108), going through the secondary data enable the deep and
clear understanding and knowledge gaining regarding the concerned topic. It thus develops
the researcher’s base knowledge to conduct an efficient primary data collection procedure
and analysis by aligning the results with the theoretical concepts and base created through the
learning from the secondary data.
3.6.2 Primary data collection
Primary data collection procedure is executed after an efficient secondary data collection and
study. Selection of the appropriate sample, size and questions is aided by the knowledge
developed through secondary data analysis. Primary data is retrieved from the selected
sample population through implementation of appropriate procedures. Based on forms in
which data is collected, Lodico and Spaulding (2010, p. 11) divided the primary data into two
significant groups as quantitative data and qualitative data. Analysis of this data and its
alignment with the secondary data provides with the accurate result derivation for the
research.
3.7 Methods of data collection
Data collection methods used in a research is in terms of qualitative and quantitative data
collection. Each type of data collection technique can be discusses as follows –
52
Quantitative data collection – Figurative data collected through quantitative data research
strategy can be statistically interpreted and analysed using scientific principles. Denzin and
Lincoln (2011) explain that quantitative data supports the use of numerical explanation and
puts across a strong sense of objective based study.
Survey questionnaire –survey questionnaire provides a cost effective, simple and a
convenient method of gaining access to respondents spread over a wide geographical area. In
the current primary research, questionnaire was distributed to at 100 employees of Dell
company, using the online questionnaire distribution technique. The pattern of the
questionnaire in the survey was structured, closed ended and emphasised on the employees’
acuity about social media participation. The questions focused on the type of social media
tools and sites that the employees of Dell Company followed, the nature of content they
shared and the social events organized by the company in which they participated. The main
motive behind survey was to understand how far the employees were convinced by the
relationship cyber security strategy of Dell Company in order to engage employees, and build
trust.
Initially the questionnaire was sent to 150 employees online that formed the sample frame.
Out of these 150, at the end of one week, 120 surveys were received back, while the rest were
either ignored or sent incomplete. To meet the sample target of 100 employees and maintain
simplicity in the calculation, the first 100 surveys were considered.
3.8 Data Analysis
Numerical response obtained through questionnaire was converted into percentage with the
application of Ms Excel tool. The converted data was represented in the form of graphical
charts and tables to present the findings in an easy and understandable manner.
Rich, in-depth and empirical information obtained from the interviews were recorded in the
form of transcripts since digital recording was not permitted. The transcripts were interpreted
53
to analyse the qualitative data and the findings were explained in context of the literature
review and the identified research problems.
3.9 Sampling
The use of probability sampling, simple random strategy was used to sample the 100
employees of Dell pvt ltdto take part in the survey. Probability sampling gives equal
opportunity to each element in the chosen population, equal chance to be selected for
participation (Onwuegbuzie and Leech, 2009). It avoids any element of biasness and is a cost
effective method of sample selection.
3.9.1 Sampling Technique
Sample considered for studying branding and its impact on employees decision-making
process are smaller in number that can suit the criteria of the research topic. The sample for
employees of Dell pvt ltd was simple random probability sampling where no criteria for
selection were considered. With the help of online questionnaire, employees were asked for
participation where survey was performed based on Likert’s scale rating from 1 to 5. 0. It
ranges from close ended options like agree, disagree, strongly agree, neutral and disagree as
well as rare, often, never, always and frequently.
3.9.2 Sample Size
The sample size is divided into two forms for qualitative and quantitative technique. For
studying the quantitative research techniques, 101 employees of Dell Company were
considered and were interacted with the help of online questionnaire forms. As no qualitative
data were selected so no interviews were considered. Thus, the total sample size of the
research study is 100, comprising both the qualitative and quantitative forms.
3.10 Time schedule (Gantt chart)
54
Any research topics are either longitudinal or cross-sectional in nature, depending upon the
time allotment considered for research for a particular topic. In the present research, cross-
sectional study is adopted that has limited time-period so application of Gantt chart is
considered for easy completion of the research work. Saunderset al. (2009) stated that Gantt
chart helps in segregating the key tasks as per the structure of the study and helps in better
completion of the topic.
Main activities 1st week 2nd week 3rd week 4th+5th week 6th week 7th week
Selection of the
topic
Composition of the
literature review
Research
methodology
Collection of
primary data
Analysis and
interpretation of
data
Findings
Conclusion and
Recommendation
Final submission
3.11 Ethics
55
 In order to uphold ethical principles, it is imperative that inquiries and possible
answers be presented in a manner that is impartial and devoid of any form of
manipulation. Perform comprehensive pilot testing in order to detect and address any
possible biases. To verify the integrity of the survey data, employ neutral language
and refrain from asking leading questions.
 Beneficence: Make every effort to optimise the advantages that the survey can
provide for both the respondents and the wider society. Precisely delineate the
prospective favourable consequences, including the enhancement of products or
services within the two-wheeler sector. By upholding this ethical consideration, the
survey guarantees that it functions with significance and delivers benefits to all parties
engaged in it.
 Demonstrate Respect for Cultural Sensitivities: Ensure that the survey is culturally
sensitive by acknowledging and respecting the cultural diversity of the participants.
During the survey design phase, refrain from making assumptions predicated on
cultural stereotypes and contemplate seeking guidance from experts or representatives
representing diverse cultural backgrounds. This practise guarantees that the survey
acknowledges and conforms to the cultural values held by every participant.
 Ethical survey conduct necessitates the provision of transparent reports that are
devoid of any form of manipulation. It is imperative to transparently acknowledge any
potential conflicts of interest and deliver an exhaustive, impartial account of the
survey findings. Transparent reporting enhances the credibility and trustworthiness of
the research process.
 The implementation of a feedback mechanism is critical in ensuring the ethical
conduct of surveys. It is imperative to establish a means for participants to voice their
opinions or concerns regarding the survey methodology. In order to exhibit
56
responsiveness to participant requirements, it is essential to provide contact
information for a designated point of contact who can promptly address any inquiries
or concerns raised by participants.
 Ensuring Compliance with Ethical Guidelines: It is imperative to adhere to ethical
guidelines established by authoritative bodies, professional organisations, and legal
obligations; this is a fundamental ethical consideration. It is essential to acquaint
oneself with the ethical principles that govern survey research and to uphold these
principles at all times during the survey process, ensuring that compliance is
impeccable.
57
Chapter 4
Data Analysis
1. How often do you work remotely?
 Always
 Frequently
 Occasionally
 Rarely
 Never
Frequency Percent Valid Percent Cumulative Percent
Never 15 14.9 14.9 14.9
Frequently 22 21.8 21.8 36.6
Occasionally 22 21.8 21.8 58.4
Rarely 19 18.8 18.8 77.2
Always 23 22.8 22.8 100.0
25.0 22.8
21.8 21.8
18.8
20.0
14.9
15.0
Percent
10.0
5.0
0.0
Frequency of Remote Work:
58
The data shows a varied frequency of remote work among respondents.
The largest group, 22.8%, reported to working remotely always.
Following that, the distribution is relatively even among the other categories: never (14.9%),
frequently (21.8%), occasionally (21.8%), and rarely (18.8%).
2. What devices do you use for remote work?
 Company-provided laptop/desktop
 Personal laptop/desktop
 Company-provided smartphone/tablet
 Personal smartphone/tablet
 At cyber hubs
Frequency Percent Valid Percent Cumulative
Percent
Company- 24 23.8 23.8 23.8
provided
laptop/desktop
Personal 17 16.8 16.8 40.6
laptop/desktop
Company- 17 16.8 16.8 57.4
provided
smartphone/tablet
Personal 21 20.8 20.8 78.2
smartphone/tablet
At cyber hubs 22 21.8 21.8 100.0
59
100
21.8
78.2
20.8
21
57.4
16.8
40.6
16.8
23.8
23.8
0 20 40 60 80 100 120
Cumulative Percent Valid Percent

Percent Frequency
Laptop/Desktop Usage:
Company-provided laptops/desktops are the most commonly used devices for remote work,
with 23.8% of respondents using them. Personal laptops/desktops follow closely behind, with
16.8% of respondents using their own devices.
Smartphone/Tablet Usage:
Both company-provided and personal smartphones/tablets are utilized by a similar number of
respondents, with 16.8% and 20.8% respectively. This suggests that a significant portion of
individuals use mobile devices for remote work tasks.
Cyber Hubs:
A considerable proportion (21.8%) of respondents use cyber hubs for remote work. These
could be shared workspaces or dedicated facilities equipped with necessary infrastructure for
remote work.
Cumulative Percent:
Up to "Company-provided laptop/desktop": 23.8%
Up to "Personal laptop/desktop": 40.6%
Up to "Company-provided smartphone/tablet": 57.4%
Up to "Personal smartphone/tablet": 78.2%
60
Up to "At cyber hubs": 100.0%
3. How frequently is the cybersecurity training provided?
 Monthly
 Quarterly
 Annually
 Only at onboarding
 Never
Monthly 19 18.8 18.8 18.8
Quarterly 15 14.9 14.9 33.7
Annually 17 16.8 16.8 50.5
Only at on boarding 23 22.8 22.8 73.3
Never 27 26.7 26.7 100.0
19%
27%
15%
23%
17%
Regular Training:
Monthly and Quarterly training options, which occur more frequently, account for 33.7%
(18.8% + 14.9%) of responses. This suggests that a significant portion of organizations
provide cybersecurity training on a regular basis.
61
Less Frequent Training:
Annually and Only at onboarding options, which occur less frequently, account for 39.6%
(16.8% + 22.8%) of responses. This indicates that a considerable number of organizations
offer cybersecurity training less frequently.
No Training:
The Never option represents 26.7% of responses, indicating that a notable proportion of
respondent’s state that their organization never provides cybersecurity training.
4. How satisfies are you with your organisation’s steps undertaken for cyber security best
practices?
 Satisfied
 Dissatisfied
 Neutral
 Strongly Satisfied
 Strongly Dissatisfied
Satisfied 15 14.9 14.9 14.9
Dissatisfied 22 21.8 21.8 36.6
Neutral 22 21.8 21.8 58.4
Strongly Satisfied 19 18.8 18.8 77.2
Strongly Dissatisfied 23 22.8 22.8 100.0
62
25.0 22.8
21.8 21.8
18.8
20.0
14.9
15.0
Percent
10.0
5.0
0.0
Agree Disagree Neutral Strongly Strongly
agree disagree
Satisfied (14.9%) and Strongly Satisfied (18.8%):
Combined, these groups make up 33.7% of the respondents, indicating that about a third of
the respondents are satisfied with their organization's cybersecurity practices.
Strongly Satisfied respondents (18.8%) outnumber those who are merely Satisfied (14.9%),
suggesting a significant portion of the workforce has a high level of confidence in their
organization's cybersecurity measures.
Dissatisfied (21.8%) and Strongly Dissatisfied (22.8%):
Combined, these groups make up 44.6% of the respondents, indicating that nearly half of the
respondents are not satisfied with their organization's cybersecurity practices.
Strongly Dissatisfied respondents (22.8%) slightly outnumber those who are merely
Dissatisfied (21.8%), suggesting that dissatisfaction is more pronounced for some employees.
Neutral (21.8%):
A notable portion of respondents (21.8%) are neutral, indicating they neither strongly agree
nor disagree with the adequacy of their organization's cybersecurity measures. This group
might need more information or experience to form a strong opinion.
Cumulative Percent:
Up to "Satisfied": 14.9%
63
Up to "Dissatisfied": 36.6%
Up to "Neutral": 58.4%
Up to "Strongly Satisfied": 77.2%
Up to "Strongly Dissatisfied": 100.0%
5. Is it important to use a Virtual Private Network (VPN) when working remotely?
- Always
- Frequently
- Occasionally
- Rarely
- Never
Occasionally 20 19.8 19.8 19.8
Never 15 14.9 14.9 34.7
Always 26 25.7 25.7 60.4
Rarely 16 15.8 15.8 76.2
Frequently 24 23.8 23.8 100.0
Always (25.7%):
The largest group, 25.7% of respondents, believe that it is important to always use a VPN
when working remotely. This indicates a strong awareness of the need for consistent use of
VPNs for security.
Frequently (23.8%):
23.8% of respondents think it is important to frequently use a VPN. Combined with the
"always" group, 49.5% of respondents regularly use a VPN, reflecting a significant
recognition of its importance.
64
Occasionally (19.8%):
19.8% of respondents use a VPN occasionally. This group recognizes some importance of
VPNs but may not use them consistently.
Rarely (15.8%):
15.8% of respondents rarely use a VPN, indicating a lower level of perceived importance or a
lack of understanding of the benefits of regular VPN use.
Never (14.9%):
14.9% of respondents never use a VPN when working remotely. This group either does not
see the importance of using a VPN or may lack the knowledge or resources to do so.
24 23.8 23.8 100
16 15.8 15.8 76.2
26 25.7 25.7 60.4
15 14.9 14.9 34.7
20 19.8 19.8 19.8
0 20 40 60 80 100 120 140 160 180 200
Frequency Percent
Valid Percent Cumulative Percent
6. What are all perceived risks of cyber security while working remotely?
- Phishing
- Eavesdropping
- Unsecured wifi
- DDOs attacks
- Unattended system access
Phishing 12 11.9 11.9 11.9
65
Eavesdropping 29 28.7 28.7 40.6
Unsecured wifi 14 13.9 13.9 54.5
DDOs attacks 25 24.8 24.8 79.2
Unattended system access 21 20.8 20.8 100.0
Eavesdropping (28.7%):
Eavesdropping is perceived as the highest risk, with 28.7% of respondents identifying it as a
significant concern. This indicates a strong awareness of the dangers associated with
unauthorized interception of communications.
DDoS Attacks (24.8%):
Distributed Denial of Service (DDoS) attacks are perceived as a major risk by 24.8% of
respondents. This reflects concerns about the potential disruption of services due to targeted
attacks on network infrastructure.
Unattended System Access (20.8%):
The risk of unattended system access is identified by 20.8% of respondents. This highlights
worries about physical security and the potential for unauthorized access to devices when left
unattended.
Unsecured Wi-Fi (13.9%):
Unsecured Wi-Fi is perceived as a risk by 13.9% of respondents. This indicates awareness of
the vulnerabilities associated with using insecure wireless networks, which can be exploited
by attackers.
Phishing (11.9%):
66
Phishing is perceived as a risk by 11.9% of respondents. Although it is the least identified
risk in this survey, it still represents a significant concern, reflecting awareness of deceptive
attempts to obtain sensitive information
100
20.8
20.8
21
79.2
24.8
24.8
25
54.5
13.9
13.9
14
40.6
28.7
28.7
29
11.9
11.9
11.9
12
0 20 40 60 80 100 120
Cumulative Percent Valid Percent

Percent Frequency
7. Do you think Multi-factor authentication (MFA) for accessing work-related accounts?
- Agree
- Disagree
- Moderate
- Strongly Agree
- Strongly disagree
Strongly agree 21 20.8 20.8 20.8
Agree 25 24.8 24.8 45.5
Moderate 20 19.8 19.8 65.3
Disagree 19 18.8 18.8 84.2
Strongly disagree 16 15.8 15.8 100.0
Strongly Agree (20.8%) and Agree (24.8%):
67
Combined, these groups make up 45.6% of the respondents, indicating that nearly half of the
respondents believe that Multi-factor Authentication (MFA) is important for accessing work-
related accounts.
Moderate (19.8%):
A significant portion of respondents (19.8%) have a moderate view, indicating that they
recognize the value of MFA but may not see it as critically important as those who strongly
agree or agree.
Disagree (18.8%) and Strongly Disagree (15.8%):
Combined, these groups make up 34.6% of the respondents, suggesting that a substantial
number of respondents do not believe that MFA is important for accessing work-related
accounts.
100
Cumulative 65.3
Percent 45.5
20.8
15.8
Valid Percent 19.8
24.8
20.8
15.8
Percent 19.8
24.8
20.8
16
Frequency 20
25
21
0 20 40 60 80 100 120
8. Do you think it is important to regularly back up your work data for preventing cyber
threats?
- Agree
- Disagree
- Neutral
- Strongly Agree
68
- Strongly disagree
Agree 23 22.8 22.8 22.8
Disagree 19 18.8 18.8 41.6
Neutral 22 21.8 21.8 63.4
Strongly agree 20 19.8 19.8 100.0
120
100
100
80.2
80
63.4
60
41.6
40
2322.8
22.8
22.8 2221.8
21.8 2019.8
19.8
1918.8
18.8 1716.8
16.8
20
0
Agree Disagree Neutral Strongly agree Strongly
disagree
Frequency Percent
Agree (22.8%) and Strongly Agree (19.8%):
Combined, these groups make up 42.6% of the respondents, indicating that a significant
portion of the respondents believe it is important to regularly back up work data to prevent
cyber threats.
Combined, these groups make up 35.6% of the respondents, suggesting that a considerable
number of respondents do not believe that regularly backing up work data is important for
preventing cyber threats.
Neutral (21.8%):
69
A notable portion of respondents (21.8%) are neutral on the issue, indicating they might not
have a strong opinion or are unsure about the importance of regularly backing up work data
for preventing cyber threats.
9. Does using strong, unique password for Wi-Fi helps in strengthening the network?
- Agree
- Disagree
- Neutral
- Strongly Agree
- Strongly disagree
Disagree 20 19.8 19.8 19.8
Agree 22 21.8 21.8 41.6
Strongly agree 23 22.8 22.8 64.4
Neutral 16 15.8 15.8 80.2
120
100
100
80.2
80
64.4
60
41.6
40
2019.8
19.8
19.8 2221.8
21.8 2322.8
22.8 2019.8
19.8
20 1615.8
15.8
0
Agree Disagree Neutral Strongly agree Strongly
disagree
Frequency Percent
70
Combined, these groups make up 44.6% of the respondents, indicating that a significant
portion of the respondents believe that using a strong, unique password for Wi-Fi does help in
strengthening the network.
Combined, these groups make up 39.6% of the respondents. This suggests that a considerable
number of respondents do not believe that using a strong, unique password for Wi-Fi
strengthens the network.
Neutral (15.8%):
A notable portion of respondents (15.8%) are neutral on the issue, indicating they might not
have a strong opinion or are unsure about the effectiveness of using a strong, unique
password for Wi-Fi.
10. Is it safe and ethical is it to open email coming of untrusted source during working hours?
- Agree
- Disagree
- Neutral
- Strongly Agree
- Strongly disagree
Agree 23 22.8 22.8 22.8
Disagree 19 18.8 18.8 41.6
Neutral 19 18.8 18.8 60.4
Strongly agree 25 24.8 24.8 100.0
71
100
Cumulative 75.2
Percent 60.4
41.6
24.8
14.9
Valid Percent 18.8
18.8
24.8
14.9
Percent 18.8
18.8
25
15
Frequency 19
19
0 20 40 60 80 100 120
Strongly disagree Strongly agree Neutral

Disagree Agree
Combined, these groups make up 47.6% of the respondents, which indicates that nearly half
of the respondents believe it is safe and ethical to open emails from untrusted sources during
working hours.
Combined, these groups make up 33.7% of the respondents. This suggests that about a third
of the respondents believe it is neither safe nor ethical to open emails from untrusted sources
during working hours.
Neutral (18.8%):
A significant portion of respondents (18.8%) are neutral on the issue, indicating they might
not have a strong opinion or are unsure about the safety and ethics of opening such emails.
72
Chapter 5
Findings
- When asked about their opinions on pluralism, the biggest single group was those
who strongly agreed that opening emails from unknown senders while on the clock is
both safe and ethical (24.8%).
- Nearly half of all respondents (47.6%) either agree or strongly agree, which means
that many people may be unaware of the dangers of accepting attachments from
unknown senders.
Majority: 33.7% disagree or strongly disagree, showing that a sizeable minority is
cognizant of and worried about the dangers.
- The fact that 18.8% of people are not sure or don't know what this practice means
implies that there is still a lot of mystery surrounding it.
- 42.6% of respondents agree or strongly agree that it is important to regularly back up
work data for preventing cyber threats. This suggests that nearly half of the
respondents recognize the importance of regular data backups.
- 35.6% of respondents disagree or strongly disagree, indicating a substantial minority
do not see the importance of regular data backups for cyber threat prevention.
- 21.8% of respondents are neutral, suggesting a lack of strong opinion or
understanding of the role of data backups in cybersecurity.
- The largest portion (22.8%) is those who strongly agree that using a strong, unique
password for Wi-Fi strengthens the network. In total, 44.6% agree or strongly agree
with this statement.
- 39.6% of respondents disagree or strongly disagree, indicating a substantial minority
do not believe in the effectiveness of strong, unique passwords for Wi-Fi security.
73
- 15.8% of respondents are neutral, suggesting a lack of strong opinion or
understanding of the impact of Wi-Fi password strength on network security.
- 45.6% of respondents either strongly agree or agree that MFA is important for
accessing work-related accounts. This suggests that almost half of the respondents
understand the importance of MFA in securing their accounts.
- 19.8% of respondents have a moderate stance, indicating they see some importance in
MFA but might need more convincing about its critical role in cybersecurity.
- The fact that 26.7% of respondents indicate that their organization never provides
cybersecurity training is concerning, as regular training is crucial for maintaining
awareness and preparedness against evolving cyber threats.
Suggestions
To greatly lessen the likelihood of a costly and, at times, catastrophic cyberattack targeting
remote work settings, organisations should implement the following security management
best practices:
Set up the most fundamental safeguards. "Make sure you have your security fundamentals
nailed down," warned McKinnon. Keep track of your assets, for instance. There are already a
lot of security concerns with remote work, so it's important that you let your staff know about
and fully comprehend your policies. Additional fundamental measures suggested by experts
include connecting to company systems through virtual private networks (VPNs), installing
antivirus software on all devices connected to the company network, enforcing a strong
password policy that mandates separate passwords for each website, encrypting sensitive
data, and avoiding employee devices when sharing files online.
Boost the company's programme for protecting and securing data. "Know where your digital
information is, what information you're collecting, where your crown jewels are stored and
what you're doing to protect the data," said Reynolds. He was among those who argued that
74
security executives should provide in-depth data security awareness training to staff members
so that they can better protect sensitive information no matter where they are on the job. That
is an essential component of establishing a more comprehensive cybersecurity culture within
a company.
Set up a robust programme for managing vulnerabilities. Cybersecurity procedures for remote
workers are further strengthened by good vulnerability management. Reduce the total number
of unpatched vulnerabilities that attackers could exploit by swiftly addressing the
vulnerabilities that pose the highest risks using a risk-based approach. Better protection of IT
assets that attackers target can be achieved through attack surface management initiatives.
Set up a system that requires no trust at all. Before gaining access to any company network,
application, or data set, any remote user or device should be required to prove their
authorization. Using a zero-trust security strategy, all IT systems are inaccessible by default
and only the ones that authenticated users need to access can be accessed.
Use UBA tools to analyse user behaviour. One essential part of the zero-trust architecture is
UBA, which is also known as user and entity behaviour analytics (UEBA). Using data
science and machine learning, the system can determine how a user normally accesses
company networks and then alerts administrators to any unusual behaviour that may suggest
a breach in security.
Make sure you have the right settings and access to the cloud. One of the most common
reasons for security problems in public cloud infrastructure is misconfigurations. To ensure
that a remote work environment is not exposed to dangers during cloud migration and
operation, security teams should collaborate with IT operations professionals to eradicate any
faults, gaps, or errors. In addition, they need to implement reasonable restrictions on user
access to cloud-based services.
75
Because of the increased security concerns connected with remote work, existing policies and
procedures need updating. To keep up with the ever-changing security threats that impact
remote and hybrid workplaces, CISOs, their teams, and data privacy and information
technology experts must regularly review and update their organization's security policies,
processes, and measures. Examples of measures that IT administrators should do to better
manage access to corporate chat services that Skoudis mentioned include enabling multi-
factor authentication for chat, providing a way for employees to report questionable chat
activity, and blocking worker access when they leave the firm. Before remote work was the
norm, he said, those things weren't usually a top focus.
Facilitate personal relationships and face-to-face meetings. According to Skoudis, companies
should make it possible for remote and hybrid workers to meet face-to-face, especially during
the onboarding process, and to develop relationships with their supervisors and coworkers.
Remote users may be better able to spot social engineering attempts and be more vigilant in
general if they have these kinds of connections, which might improve the organization's
security.
Conclusion
If there is a well-defined framework in place, employees can benefit much from working
remotely; however, it is critical that they all know their specific responsibilities when it
comes to mitigating security threats. By following the tips for secure remote working the
companies can get follow the tips such as:
- Make use of password managers—these tools can assist remote workers in creating
and remembering secure passwords for all of their accounts.
- To lessen the likelihood of a cyberattack while working remotely, set up multi-factor
authentication. This will add an additional degree of protection to your accounts.
76
- Promote the usage of virtual private networks (VPNs) among staff members. VPNs
are rapidly gaining popularity among remote workers due to their ability to encrypt
data transmitted over the internet. This ensures that they can maintain the same level
of security, functionality, and look as if they were connected to the company network.
- Make sure your remote employees know their roles and responsibilities when they're
not in the office by outlining specific rules and expectations for working remotely. In
order to mitigate the aforementioned dangers to an acceptable level, the policy should
cover the essentials of internet security.
77
References
Hijji, M. & Alam, G., 2022. Cybersecurity Awareness & Training (CAT) framework for
remote working employees. Sensors, 22(22), p.8663.
Borkovich, D.J. & Skovira, R.J., 2020. Working from home: Cybersecurity in the age of
COVID-19. Issues in Information Systems, 21(4).
Okereafor, K. & Manny, P., 2020. Underst&ing cybersecurity challenges of telecommuting
& video conferencing applications in the COVID-19 p&emic. Journal Homepage:
http://ijmr. net. in, 8(6).
Bispham, M., Creese, S., Dutton, W. H., Esteve-Gonzalez, P., & Goldsmith, M. (2021,
August). Cybersecurity in working from home: An exploratory study. In TPRC49: The 49th
Research Conference on Communication, Information and Internet Policy.
Nyarko, D. A., & Fong, R. C. W. (2023, January). Cyber security compliance among remote
workers. In Cybersecurity in the Age of Smart Societies: Proceedings of the 14th
International Conference on Global Security, Safety and Sustainability, London, September
2022 (pp. 343-369). Cham: Springer International Publishing.
Nwankpa, J.K. & Datta, P.M., 2023. Remote vigilance: The roles of cyber awareness and
cybersecurity policies among remote workers. Computers & Security, 130, p.103266.
Bispham, M., Creese, S., Dutton, W. H., Esteve-Gonzalez, P., & Goldsmith, M. (2021,
August). Cybersecurity in working from home: An exploratory study. In TPRC49: The 49th
Research Conference on Communication, Information and Internet Policy.
Weil, T., & Murugesan, S. (2020). IT risk and resilience—Cybersecurity response to
COVID-19. IT professional, 22(3), 4-10.
Pandya, L.B., Cyber Security" When Working From Home. Emerging Trends in Commerce
& Management, p.36.
78
Malecki, F. (2020). Overcoming the security risks of remote working. Computer fraud &
security, 2020(7), 10-12.
Georgiadou, A., Mouzakitis, S. and Askounis, D., 2022. Working from home during COVID-
19 crisis: a cyber security culture assessment survey. Security Journal, 35(2), pp.486-505.
Ramadan, R. A., Aboshosha, B. W., Alshudukhi, J. S., Alzahrani, A. J., El-Sayed, A., &
Dessouky, M. M. (2021). Cybersecurity and Countermeasures at the Time of
Pandemic. Journal of Advanced Transportation, 2021, 1-19.
Khan, M., Gide, E., Chaudhry, G., & Hasan, J. (2022, December). A Cybersecurity
Evaluation Model (CSEM) for Indian SMEs Working in a Virtual Team Environment.
In 2022 IEEE Asia-Pacific Conference on Computer Science and Data Engineering
(CSDE) (pp. 1-6). IEEE.
Dutta, N., Jadav, N., Tanwar, S., Sarma, H. K. D., & Pricop, E. (2022). Cyber Security:
Issues and Current Trends. Springer.
Senapati, S. and Bharathi, S.V., 2023, May. An Empirical Study on the Information Security
Threats Due to Remote Working Environments. In International Conference on Information
Science and Applications (pp. 19-37). Singapore: Springer Nature Singapore.
Soni, V., Kukreja, D., & Sharma, D. K. (2020, December). Security vs. flexibility: Striking a
balance in the pandemic era. In 2020 IEEE International Conference on Advanced Networks
and Telecommunications Systems (ANTS) (pp. 1-5). IEEE.
79
Appendix
Questionnaire
1. How often do you work remotely?
 Always
 Frequently
 Occasionally
 Rarely
 Never
2. What devices do you use for remote work?
 Company-provided laptop/desktop
 Personal laptop/desktop
 Company-provided smartphone/tablet
 Personal smartphone/tablet
 At cyber hubs
3. How frequently is the cybersecurity training provided?
 Monthly
 Quarterly
 Annually
 Only at onboarding
 Never
80
4. How satisfies are you with your organisation’s steps undertaken for cyber security best
practices?
 Satisfied
 Dissatisfied
 Neutral
 Strongly Satisfied
 Strongly Dissatisfied
5. Is it important to use a Virtual Private Network (VPN) when working remotely?
- Always
- Frequently
- Occasionally
- Rarely
- Never
6. What are all perceived risks of cyber security while working remotely?
- Phishing
- Eavesdropping
- Unsecured wifi
- DDOs attacks
- Unattended system access
7. Do you think Multi-factor authentication (MFA) for accessing work-related accounts?
- Agree
81
- Disagree
- Moderate
- Strongly Agree
- Strongly disagree
8. Do you think it is important to regularly back up your work data for preventing cyber
threats?
- Agree
- Disagree
- Neutral
- Strongly Agree
- Strongly disagree
Agree 23 22.8 22.8 22.8
Disagree 19 18.8 18.8 41.6
Neutral 22 21.8 21.8 63.4
Strongly agree 20 19.8 19.8 100.0
9. Does using strong, unique password for Wi-Fi helps in strengthening the network?
- Agree
- Disagree
- Neutral
- Strongly Agree
- Strongly disagree
82
10. Is it safe and ethical is it to open email coming of untrusted source during working hours?
- Agree
- Disagree
- Neutral
- Strongly Agree
- Strongly disagree
83

A Project On A Study of Cybersecurity Strategies in The Age of Remote Work Submitted by - Submitted To - Enrollment No - Project Code

Uploaded by

Copyright:

Available Formats

A Project On A Study of Cybersecurity Strategies in The Age of Remote Work Submitted by - Submitted To - Enrollment No - Project Code

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

A Project On A Study of Cybersecurity Strategies in The Age of Remote Work Submitted by - Submitted To - Enrollment No - Project Code

Uploaded by

Copyright:

Available Formats

A

NMIMS Global Access

successful completion of this research project on the “A STUDY OF CYBERSECURITY

STRATEGIES IN THE AGE OF REMOTE WORK”

insights and support have been instrumental in completing this project.

knowledge and experiences have been invaluable.

management and information technology have been instrumental in shaping my research

completing this project successfully.

completion of this research project.

individuals alike must be knowledgeable of critical security guidelines. In March 2020,

has used for a personal email or social media account.

1.1 Company profile.............................................................................................................18

1.2 Objective of the study.....................................................................................................18

1.3 Limitation of the study...................................................................................................19

1.4 Scope of the study..........................................................................................................20

1.5 Significance of the study................................................................................................22

1.6 Statement of the problem................................................................................................22

2.2 Review of existing Literature.........................................................................................24

2.3 Case examples of cyber security threats in India...........................................................34

2.4 Security risks of remote working...................................................................................37

2.5 Steps undertaken to manage cybersecurity in India.......................................................39

3.1 Methods outline..............................................................................................................43

3.2 Research Onion...............................................................................................................44

3.3.1 Justification for selecting positivism.......................................................................47

3.4 Research Approach.........................................................................................................47

3.4.1 Justifying the use of deductive approach.................................................................48

3.5 Research Design.............................................................................................................48

3.5.1 Justification for choosing descriptive design...........................................................49

3.6 Data collection................................................................................................................50

3.6.1 Secondary data collection........................................................................................51

3.6.2 Primary data collection............................................................................................51

3.7 Methods of data collection.............................................................................................51

3.8 Data Analysis..................................................................................................................52

3.9.1 Sampling Technique................................................................................................53

3.9.2 Sample Size..............................................................................................................53

3.10 Time schedule (Gantt chart)......................................................................................53

situations provide a number of cybersecurity threats. Cybersecurity threats such as phishing,

it is important to understand what cyber security is:

accessibility of data stored in digital formats.

Important parts of cybersecurity consist of:

company's data, systems, and networks.

have a set of rules and regulations in place.

Controlling who has access to what in a system or database depends on a number of

elements, including user roles, privileges, and authentication methods.

The process of encrypting data using cryptographic algorithms renders it unintelligible to

firewalls and intrusion detection/prevention systems. These systems restrict unauthorised

access and suspicious activities.

Cybersecurity incidents, such as data breaches or system intrusions, necessitate the

establishment of processes and policies for detection, response, and recovery.

PCI DSS, and ISO 27001) is essential.

short, a multidisciplinary field.

Some important features of working remotely are:

through this flexibility.

organisations typically use to enable real-time communication.

Performance Evaluation: New approaches to evaluating the efficiency and effectiveness of

their work hours, tasks, and project milestones.

right kind of help, tools, and communication plans.

Connection between cybersecurity and remote work

dependence on information and communication technologies brought about by the shift to