Employees working from home increase the risk of entry by cyber criminals. Courtesy of Freestocks

The COVID-19 pandemic has forced companies to pay special attention to matters of safety and security to keep their employees healthy and avoid the possible spread of the virus on-site. This has led many companies to having their employees work from home whenever possible, as well as drastically reducing the number of workers present on-site to a bare minimum.

The physical distancing of employees, while addressing concerns of their physical health, has created complications in a completely different aspect of safety: cyber security. With employees working from home on their personal computers, the possible angles of attack for cyber criminals has increased.

“Absolutely, companies are more exposed at this time,” Andrew Brewer, CEO of CMS Consulting – a Canadian firm specializing in cyber security – told CIM Magazine. “Every remote worker is now a separate risk to the company. Each home environment is different, and with so many of them and [the pandemic] happening so suddenly it’s like a perfect storm for companies, not to mention a free-for-all for the bad guys. I don’t envy companies that did not plan ahead.”

For an industry as traditionally analog as mining, cyber security might not sound like an issue worth being concerned about, especially during a global health crisis. However, according to Brewer, gaps in a company’s cyber security can result in significant financial damage and can even compromise the safety of its workers.

“The mining industry is unique in its complexity, the value of its data, the type of equipment, the scale of the operations and the nature of the environment that is being operated in,” Brewer said. “The data that a mining company has is very expensive with respect to money and time to obtain and of great value to the company moving forward. Losing this data to a cyber spy could mean serious financial damage to the company and its shareholders.”


Related: Know how to protect your company’s information from cyberattacks


“Another point is that when you are underground moving large objects through small spaces, you require complex critical communication infrastructure to ensure everything runs efficiently and most of all safely,” he continued. “If a threat actor got control of that, it would create a very dangerous environment for those working underground.”

With the rise of automated machinery and Internet-connected mines, mining companies have already increased their risk of cyber-attack. With what Brewer refers to as the “threat surface” increasing even more with employees working remotely, the danger is even greater.

In a newsletter sent out to its members, Global Mining Guidelines Group (GMG) referred to the novel coronavirus as “possibly the largest cyber security threat of all time.” GMG recommended that its members “step up their cyber hygiene standards” by ensuring their modems and devices are digitally and physically protected by invasion and by teaching employees to avoid clicking on suspicious emails and links, how to patch and update their systems and to avoid working outside any official channels or devices if possible.

GMG also recommended that companies implement a business continuity plan (BCP), a contingency plan in the event of the emergency, if they have not already done so. Additionally, companies will need to learn how to “stratify, prioritize and outsource information security operations” during this time of remote working and tighter budgets.

For Brewer, cyber security must be managed from several different aspects of a company’s culture.

“First off, you need to know where you stand,” Brewer said. “Assess your current posture holistically from a security perspective. This has to include policy, process, people, technology and physical environment in which infrastructure is housed. [Once] you know what you are missing, get it fixed, follow best practices and have someone monitor for you.”

Additionally, says Brewer, it’s important that that “someone” be qualified to properly protect the company’s systems.

“There is a real talent shortage out there and assigning your IT team, or in some cases your ‘computer guy,’ to these tasks is just plain… Well, let’s just say I doubt any court would find it to be reasonable that someone who has so much at stake would believe something as complex and ever-changing as cyber security could be handled properly by people who are not experts.”