Cybersecurity Of Work From Anywhere Model For Government : A Systematic Literature Review
DOI:
https://doi.org/10.62146/ijecbe.v3i1.113Keywords:
Work From Anywhere (WFA), Cybersecurity Best Practices, Remote Work PolicyAbstract
Presidential Regulation No. 21 of 2023 grants Indonesian civil servants (ASN) location flexibility, creating cybersecurity challenges that institutions and authorities have yet to fully address. Existing frameworks such as ISO 27001 and NIST provide only general remote work guidelines, lacking specific recommendations for the Work From Anywhere (WFA) model. This gap poses significant risks to data security and government operations, particularly as cyber incidents reported by the National Cyber and Crypto Agency of Indonesia (BSSN) continue to rise. The 2023 Indonesian Cybersecurity Landscape report recorded 347 suspected cyber incidents, including data breaches and the exposure of over 1.6 million records on the darknet, affecting numerous stakeholders. This study employs a Systematic Literature Review (SLR) to identify cybersecurity threats associated with remote work and explore effective mitigation techniques. The findings reveal five primary threats classified into two categories: human-centric threats (social engineering attacks, insider threats, and human errors) and technology-centric threats (malware-based and network attacks). To address these threats, the study identifies four key best practice themes: Awareness and Education, Phishing Protection, Technical Countermeasures, and Management and Audit. These themes provide a structured approach to enhancing cybersecurity in WFA environments. The results of this study serve as valuable input for formulating policy and technical guidelines to implement WFA in government settings. Future research should explore supply chain security, integration of WFA with on-site operations, cultural factors in security compliance, and governance frameworks to enhance cybersecurity resilience in government WFA environments.
References
Peraturan Presiden Republik Indonesia Nomor 21 Tahun 2023 Tentang Hari Kerja Dan Jam Kerja Instansi Pemerintah Dan Pegawai Aparatur Sipil Negara. Republik Indonesia, 2023.
International Business Machines (IBM). Cost of a Data Breach Report 2024. IBM Security, 2024.
Badan Siber dan Sandi Negara (BSSN). Lanskap Keamanan Siber Indonesia 2023. Id-SIRTII/CC–BSSN, 2023.
Keputusan Menteri Keuangan Republik Indonesia Nomor 223/KMK.01/2020 Tahun 2020 Tentang Implementasi Fleksibilitas Tempat Bekerja (Flexible Working Space) Di Lingkungan Kementerian Keuangan. Kementerian Keuangan Republik Indonesia, 2020.
National Institute of Standards and Technology (NIST). The NIST Cybersecurity Framework (CSF) 2.0. Gaithersburg, MD: National Institute of Standards and Technology, 2024.DOI: 10.6028/NIST.CSWP.29.
International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements. 2022.
P .Choudhury, C. Foroughi and B. Larson, “Work From Anywhere: The Productivity Effects of Geographic Flexibility,” Strategic Management Journal 42, no. 4, pp. 655–683, Apr. 2021.
Eurofound and the International Labour Organization. Working Anytime, Anywhere: The Effects on the World of Work. Geneva, CH: Publications Office of the European Union: Luxembourg, 2017.
National Institute of Standards and Technology (NIST). User’s Guide to Telework and Bring Your Own Device (BYOD) Security. Gaithersburg, MD: National Institute of Standards and Technology, 2016. DOI: 10.6028/NIST.SP.800-114r1.
National Institute of Standards and Technology (NIST). Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security. Gaithersburg, MD: National Institute of Standards and Technology, 2016. DOI: 10.6028/NIST.SP.800-46r2.
M. Mahyoub, A. Matrawy, K. Isleem and O. Ibitoye, “Cybersecurity Challenge Analysis of Work-from-Anywhere (WFA) and Recommendations guided by a User Study,” arXiv preprint arXiv:2409.07567, 2024.
R. Klint. Cybersecurity in home-office environments: An examination of security best practices post Covid. SE: University of Skövde, 2023.
L. Galajda. A study of information security awareness on teleworking security risks and recommendations since Covid19 pandemic. SE: Luleå University of Technology, 2023.
S. Gumilang, R. Sutanto and A. G. Dohamid, “Security Standard Recommendation of Teleworking in Government,” International Journal Of Humanities Education And Social Sciences (IJHESS), Vol. 2(6), pp. 2070-2077. 2023.
B. Kitchenham, Procedures for Performing Systematic Reviews, Keele, UK: Keele University, 2004.
J. Jesson, L. Matheson and F. M. Lacey, Doing Your Literature Review: Traditional and Systematic Techniques, London, UK: SAGE Publications Ltd, 2011.
M. J. Page, et al. BMJ 2021;372:n71. doi: 10.1136/bmj.n71.
C. Wohlin, Guidelines for snowballing in systematic literature studies and a replication in software engineering, in: Proc. 18th Int. Conf. Eval. Assess. Softw.Eng. - EASE 14, pp. 110. 2014.
R. T. Watson and J. Webster, “Analysing the past to prepare for the future: Writing a literature review a roadmap for release 2.0,” Journal of Decision Systems, Vol. 29(3), pp. 129–147. 2020.
R. Naidoo, “A multi-level influence model of COVID-19 themed cybercrime,” European Journal of Information Systems (EJIS). Vol. 29(3). pp.306-321. 2020.
A. M. Abukari and E. K. Bankas, “Some Cyber Security Hygienic Protocols For Teleworkers In Covid-19 Pandemic Period And Beyond,” International Journal of Scientific and Engineering Research (IJSER). Vol. 11(4). pp.1401-1407. 2020.
R. Palanisamy, A. A. Norman, and M. L. Mat Kiah, “BYOD Security Risks and Mitigation Strategies: Insights from IT Security Experts,” Journal of Organizational Computing and Electronic Commerce. Vol. 31(4). pp.320-342. 2021.
N. A. A. Othman, A. A. Norman, and M. L. Mat Kiah, “Information System Audit for Mobile Device Security Assessment,” 3rd International Cyber Resilience Conference (CRC). IEEE Access. 2021.
A. Mihailovic, J. C. Smolovic, I. Radevis, N. Rasovic and N. Martinovic, “COVID-19 and Beyond: Employee Perceptions of the Efficiency of Teleworking and Its Cybersecurity Implications,” Journal Sustainability. 13, 6750. 2021.
L. Astaja, D. Rūtītis, S. Deruma and E. Aksjoņenko, “Cyber Security Risks and Challenges in Remote Work Under The COVID-19 Pandemic,” 16th International Strategic Management Conference (ISMC). European Proceedings of Social and Behavioural Sciences. pp.12-22. 2021.
J. R. C. Nurse et. al., “Remote Working Pre- and Post-COVID-19: An Analysis of New Threats and Risks to Security and Privacy,” In: Stephanidis, C., Antona, M., Ntoa, S. (eds) HCI International 2021 - Posters. Communications in Computer and Information Science, vol 1421. Springer. pp.583–590. 2021.
K. Bicakci, Y. Uzunay and M. Khan, “Towards Zero Trust: The Design and Implementation of a Secure End-Point Device for Remote Working,” International Conference on Information Security and Cryptology (ISCTURKEY). IEEE Access. 2021.
D. Gogri, “Threats and Mitigation Strategies in Remote Work Scenarios: A Cybersecurity Perspective Post - COVID-19,” International Journal of Science and Research (IJSR). Vol. 11(1). pp.1687-1694. 2022.
A. Georgiadou, S. Mouzakitis and D. Askounis, “Detecting Insider Threat via a Cyber-Security Culture Framework,” Journal of Computer Information Systems. Vol. 62(4). pp.706-716. 2022.
N. Khantamonthon and K. Chimmanee, “Digital Forensic Analysis of Ransomware Attacks on Virtual Private Networks: A Case Study in Factories,”6th International Conference on Information Technology (InCIT). IEEE Access. 2022.
S. M. Pedapudi and N. Vadlamani, “A Comprehensive Network Security Management in Virtual Private Network Environment,” International Conference on Applied Artificial Intelligence and Computing (ICAAIC). IEEE Access. 2022.
M. Kaur, S. Parkin and M. Janssen, “I needed to solve their overwhelmness: How System Administration Work was Affected by COVID-19,” Proc. ACM on Human-Computer Interaction, Vol. 6 (CSCW2). pp.390. 2022.
M. Plachkinova and L. Janczewski, “Comparing Information Security Compliance Between New Zealand, USA, and Vietnam,” Journal of Computer Information Systems. pp.1-16. 2023.
S. Keshvadi, “Enhancing Western Organizational Cybersecurity Resilience through Tailored Education for Non-Technical Employees,” International Humanitarian Technology Conference (IHTC). IEEE Access. 2023.
Q. Alsayfi and A. Alsirhani, “The Impact of Remote Work on Corporate Security,” 3rd International Conference on Computing and Information Technology (ICCIT). IEEE Access. 2023.
P. Soubhagyalakshmi and K. S. Reddy, “An efficient security analysis of bring your own device,” IAES International Journal of Artificial Intelligence (IJ-AI). Vol. 12(2). pp.696-703. 2023.
V. V. Muthuswamy, “Cyber Security Challenges Faced by Employees in the Digital Workplace of Saudi Arabia's Digital Nature Organization,” International Journal of Cyber Criminology. Vol. 17(1). pp.40-53. 2023.
J. K. Nwankpa and P. M. Datta, “Remote vigilance: The roles of cyber awareness and cybersecurity policies among remote workers,” Computers & Security. Scopus. Vol. 130. 2023.
L. R. Mohan, R. K. Sambandam and R. Gokulapriya, “Cached-N-Proxy: An Intelligent Proxy Algorithm for Preventing Insider Email Threats to Mail Servers,” International Conference on Contemporary Computing and Communications (InC4). IEEE Access. 2024.
B. V. Raghav, N. S. Sree and S. Pamitha, “A Comprehensive Analysis on Online Masquerade Attacks,” 3rd International Conference on Applied Artificial Intelligence and Computing (ICAAIC). IEEE Access. 2024.
A. Fikry et. al., “Defining the Beauty of Cyber Hygiene: A Retrospective Look,” IEEE Engineering Management Review, Vol. 52(2). IEEE Access. 2024.
R. Palanisamy, A. A. Norman and M. L. Mat Kiah, “Employees’ BYOD Security Policy Compliance in the Public Sector,” Journal of Computer Information Systems. Vol. 64(1). pp.62-77. 2024.
P. V. Falade and P. O. Momoh, “Evaluating the Permissions of Monitoring Mobile Applications for Remote Employees: Analysing the Impact on Employer Trust and Employee Privacy Concerns,” International Journal of Scientific Research in Computer Science and Engineering. Vol. 12(1). pp.42-52. 2024.
M. Ozer et. al., “The Shifting Landscape of Cybersecurity: The Impact of Remote Work and COVID-19 on Data Breach Trends,” Computer Science, Computer Engineering, & Applied Computing (CSCE). IEEE Access. 2024.
E. P. Subagyo and K. Ramli, “Analyzing the Impact of Information Security Awareness Training to the Employees of Telco Company XYZ,” Budapest International Research and Critics Institute (BIRCI-Journal). Vol. 5. pp.8799-8808. 2022.
R. B. Permadi and K. Ramli, “Analysis of Measuring Information Security Awareness for Employees at Institution XYZ,” MALCOM: Indonesian Journal of Machine Learning and Computer Science, Vol. 4. pp.1330-1338. 2024.
F. Mouton, L. Leenen, and H. S. Venter, “Social engineering attack examples, templates and scenarios,” Comput. Secur., vol. 59, pp.186–209. 2016.
H. Abroshan, J. Devos, G. Poels, and E. Laermans, “Phishing Happens beyond Technology: The Effects of Human Behaviors and Demographics on Each Step of a Phishing Process,” IEEE Access, vol. 9, pp.44928–44949. 2021.
J. Ferdous, R. Islam, A. Mahboubi, and MD. Z. Islam, “A Review of State-of-the-Art Malware Attack Trends and Defense Mechanisms,” IEEE Access, vol. 11, pp.12118–121141. 2023.
N. Hoque, M. H. Bhuyan, R. C. Baishya, D. K. Bhattacarryya and J. K. Kalita, “Network attacks: Taxonomy, tools and systems,” Journal of Network and Computer Applications, vol. 40, pp.307-324. 2014.
Cybersecurity & Infrastructure Security Agency (CISA). Defining Insider Threats. [Online]. Available: https://www.cisa.gov/topics/physical-security/insider-threat-mitigation/defining-insider-threats. 2024.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 International Journal of Electrical, Computer, and Biomedical Engineering
This work is licensed under a Creative Commons Attribution 4.0 International License.
