Home and mobile working: common-sense security advice
Blog posted by: Nick Wilding, General Manager, Cyber Resilience, AXELOS and Head of RESILIA®, 24 March 2020.
The current coronavirus crisis has pushed ‘home and mobile working’ onto the front pages.
Self-isolation is critically important as we work towards preventing the rapid spread of the virus. But how can we isolate ourselves from a different threat whilst working remotely or at home - the threat from cyber-attackers who are exploiting this unprecedented time to take advantage of weaker security practices to carry out their attacks?
Many organizations will not be prepared for the additional security risks that home and mobile working can bring. These include:
- The loss or theft of any device or removeable media containing sensitive company information which will open-up new opportunities for attack
- ‘Shoulder surfing’ where you may be overlooked by someone when you’re working in public or your telephone calls are listened in to
- Lost or stolen devices that contain your user credentials (username, password or token) and can be used to compromise services or information stored in the device
- Tampering where an attacker could insert malicious software or hardware on your device if it’s left unattended. This can result in inappropriate access to corporate networks and information
- The physical risk of other members of your family gaining access to your devices and accidentally destroying or interfering with sensitive company information.
There are some simple and common-sense things we can all do to reduce these risks:
- SECURE your device by setting a screen lock with a PIN, strong password or complex pattern
- LOCK the screen on your laptop or device whenever you are not using it
- STORE your device safely and make sure it’s not in public view
- Make sure you have strong PASSWORDS for each device and never reveal them to others
- Stay VIGILANT to the theft of devices through pickpocketing, snatching or burglary
- HIDE laptops, tablets or phones from full view in unattended cars or bags in public
- Ideally keep devices away from FAMILY members – for example there may be pressure from children to use work devices to access online school material or simply to use the internet.
- REFAMILIARIZE yourselves with your organization's policies on home and mobile working.
…and if you’re working on valuable and sensitive company information at home or remotely, then:
- AVOID using unsecured Wi-Fi hotspots
- If available ALWAYS use your company’s secure VPN (Virtual Private Network) for all internet use while out and about
- Use software to allow the REMOTE LOCKING OR WIPING of a lost or stolen device
- Use GPS-based features that allow you to locate the device if it’s stolen and then turned on
- DO NOT STORE sensitive company information on devices and delete local copies when you have finished viewing them
- Always use company devices in an ethical manner and comply with your organization’s ACCEPTABLE USE POLICY.
Finally, we all need to make ourselves aware of what to do if any device is lost or stolen devices – early reporting is important and will help to minimise any risks to company data. We all must have the insight to know what to do next and the confidence to tell others quickly to minimize the threat your organization might face.
Remember: Stop, Think and Be Safe
Read Nick Wilding's previous AXELOS Blog Post on the coronavirus and cybersecurity, Beware coronavirus phishing attacks: Stop, Think and Be Safe.
Latest News from
Conducting virtual training sessions12/08/2020 13:20:00
Blog posted by: Alexious Mudzingwa – VP-Implementation & Services Manager at Bank of America, Merrill Lynch Merchant Services Ltd (Europe), 11 August 2020.
Safety cultures and happy employees07/08/2020 10:20:00
Blog posted by: Mark Smalley – ITIL 4 Lead Editor, 06 August 2020.
Resilience and confidence in project management06/08/2020 13:20:00
Blog posted by: Allan Thomson – PPM Product Ambassador, AXELOS, 05 August 2020.
My to-do list for service management in the new normal05/08/2020 13:20:00
Blog posted by: David Barrow – ITSM consultant, 04 August 2020.
Adapting to the new normal with project management03/08/2020 13:20:00
Blog posted by: Duncan Wade – Director, The Human Interface Consultancy, 31 July 2020.
How to manage a service desk during a pandemic30/07/2020 13:20:00
Blog posted by: Alice Negbenose – Project editor, AXELOS, 29 July 2020.
How ITIL 4 DSV concepts helped a brewery during lockdown28/07/2020 13:20:00
Blog posted by: David Billouz – Founder, Ociris and ITIL Ambassador, 28 July 2020.
My top to-do list for the PMO in the new normal27/07/2020 13:20:00
Blog posted by: Emma Arnaz-Pemberton – director of consulting services, Wellingtone, 24 July 2020.