With the release of the new Apple Vision Pros, virtual reality is garnering attention from all over the world. The product focuses on spatial computing, allowing users to conduct tasks usually done on their phones or computers in “space” by using their eyes, voice, and hands while wearing the headset.

As innovations like this become more mainstream and accessible, the question asks: What impact can seemingly “fun” or exciting VR innovations have on our business security? In this edition of our blog, we’ll be talking about VR and the biggest effects we’ll be seeing as new technologies emerge. 

What is virtual reality?

At its core, virtual reality is a computer-generated simulation of a three-dimensional environment, typically experienced through specialized headsets, creating a profound sense of presence in a digitally constructed world.

As of now, VR has mainly been used in the gaming and entertainment industry with VR headsets. However, you’ll find other applications used throughout the real estate industry (virtual tours), training simulations (ex. flight simulations), and retail stores (virtual try-ons). 

code for encryption

"It’s been a “super-fantastic” experience to see people learning and talking about security threats."

For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS

The pandemic also caused an increase in the use of VR, with virtual workplaces being used in place of face-to-face interactions.

As technology advances, virtual reality is likely to become more and more accessible. We may see more conferences or events happening using VR or design planning using spatial computing. Although we can’t exactly predict the future, we can still prepare for the potential impacts it will bring. 

The effects on organizations

Learning new legalities & policies

What is legal in virtual reality? What laws do you follow in the virtual world? These are huge questions that will need to be answered before any businesses should step foot into virtual reality. Interpol is already beginning to think about these issues, as they are considering implementing Interpol stations within virtual reality. 

What is technically illegal in the real world, may not be the same in the metaverse or a virtual space. So, before allowing your employees or before entering the world personally, consider what the rules are for the space you are entering. In the Interpol article, journalists recount being harassed in the virtual world, where evidence can be gone with a click. 

Consider rules in a smaller case: your business policies. Before allowing your employees to use VR in the workplace, ensure that you have the proper policies in place. For example, although you may want to use a virtual workspace to encourage employee connection, you may not want business data or conversations to be shared on this platform where data regulations are not certain. This will impact how your employees are allowed to act in this new world. 

Big changes for gamified training

The new technologies of virtual reality could offer a whole new realm of ways to simulate security awareness training modules. Imagine social engineering scenarios being practiced in a virtual reality conference simulation. By making the practice feel real, employees may have an easier time spotting these scammers in real situations. 

However, it’s important to note that virtual reality won’t be exciting for all employees. Some may find it intimidating and refuse to enter a virtual world. Others might not understand it and have a harder time finishing the training. Before implementing a huge change to your training strategy, have conversations with your team members. Ask them what they think of VR, what questions they have about it, and what they think about your current training. 

Additionally, not only will you have modules using VR, but you should also have modules on VR. As these technologies become more accessible and could potentially be used in your workplace, you’ll want to be proactive in training your employees. Consider planning a module on the best practices in virtual reality scenarios to prepare your employees for this situation.

Productivity impact

On the opposite side of the spectrum of not wanting to do the training, there are employees who will like virtual reality too much. If there’s anything we’ve realized through the advancement of social media, it’s that technology can become an addiction and therefore, a productivity reducer. 

Virtual reality could easily become the same. Whether it’s a virtual workplace, escape room security training, or a virtual training simulation, virtual reality could take away from your employee’s productivity if it is too expansive. To avoid this, make virtual reality limited. Instead of having an escape room for your security training where possibilities are endless, make the simulations have fewer choices, with fewer outcomes. This will ensure you still have the positive impacts of virtual reality without giving the possibility of overuse. 

Stronger environments for social engineering

The immersive nature of VR environments introduces a new ground for social engineering attacks. Using personal data, scammers can easily design their VR characters to look, talk, and act exactly like a trusted person or organization representative. The “reality” part of virtual reality also makes it seem like a trusted environment when it really shouldn’t be. Imagine a scenario where your “boss” comes up to you in your virtual workplace and asks for certain invoices to be paid to an email. It seems easier to trust a “face” than it does to trust a random email, doesn’t it?

On top of all this, virtual reality is also a decently new technology – and cyber criminals love new technology. It is the perfect environment where people make mistakes, don’t understand what’s happening, and tend to give in due to frustration. Scammers know this and will attempt to learn new trends before others in order to take advantage of newcomers. Businesses should be aware of this and ensure all employees get proper training before using these technologies. 

As businesses venture into the realm of virtual reality, it’s important to assess the security implications and address potential impacts. From learning new legalities and policies to adapting training methodologies and mitigating social engineering risks, a proactive approach is crucial. By staying informed, creating policies and training employees, organizations can harness the benefits of VR while protecting their data and people. 

Have questions about how to better protect your organization from these emerging threats? Our Director of Cyber Security Solutions, Ryan, can answer any of your questions in a free 1-on-1 Q&A

No sales, no pitches – Just expert security advice to help create a more positive and informed security culture.