By Own Correspondent
GOVERNMENT ministries are at risk from cyber-attacks amid revelations the remote working exercise meant to curb the spread of Covid-19 was inadequately supported by proper security infrastructure to safeguard vital state information.
In a bid to curb the spread of Covid-19 in the workplace, the government, through the Public Service Commission (PSC) instructed all ministries to reduce the number of public officials reporting for duty to only 25%.
Line ministries were also ordered their rotate staff and not allow an employee to work from home for more than 14 consecutive days.
However, a snap survey by NewZimbabwe.com revealed civil servants working from home are at risk from cyber-attacks whose prevalence has been on the increase since the onset of Covid-19 last year.
This is due to the fact that the Zimbabwe government has not considered the need to build essential security protocols to protect ministries and other state agencies from internal and external security breaches.
“Remote working is associated with a plethora of dangers and in our context, the danger is too much,” said one public servant who spoke to NewZimbabwe.com on condition of anonymity.
“Our ministry, like many others has security protections courtesy of office systems like firewalls that monitor incoming traffic and keep out threats and blacklisted IP addresses, as well as secure internet routers with unique passwords. These are absent when the device is moved to a public internet which increases cyber-attack risks,” she added.
It has also emerged the government was not following procedures that ensure workers only take home cyber safe computers.
Analysts said before company laptops are used in a home setting, remote login software including Virtual Private Network (VPN) should be installed for safe connection to any employer infrastructure or cloud applications and systems.
The NewZimbabwe.com showed most civil servants working from home are using computers with very weak security systems in insecure home networks which increases the chances of cyber-attacks.
The shortage of laptops within ministries, which Cabinet noted in its recent meetings had led to public servants using their personal insecure devices to complete ministry tasks.
However, analysts raised concerns over the blurry lines between personal and professional lives.
“Criminals have found an increasingly lucrative path in ransomware attacks, in which a hacker breaks into a company or government’s network and seizes data or systems, demanding payment for their return,” said IT specialist, Fortune Nyamusa.
“The government risks losing money from hackers if it overlooks the danger posed by conflating personal and professional devices.”
The use of personal machines for government work also amplifies the danger posed by phishing emails.
Phishing is a cyber-attack that uses disguised email as a weapon to hoodwink the email recipient into believing that the message is something they need.
A click on a link or request to download an attachment will have fatal consequences.
In November 2020, an Australian company, Levitas Capital, lost US$8.7m to a cyber-attack and was forced to close when a senior executive clicked on a fraudulent Zoom invitation.
To curb the problem, analyst Kuda Chiwashira, said: “The government must ensure those working from home have adequate resources which allow them to use secure government laptops and devices which are subject to remote access security controls.
“This should include, at the very least, two-factor authentication, which will mitigate the risk of hackers gaining access to the ministry’s critical information through an employee’s personal account.”