Home and mobile working: common-sense security advice
Blog posted by: Nick Wilding, General Manager, Cyber Resilience, AXELOS and Head of RESILIA®, 24 March 2020.
The current coronavirus crisis has pushed ‘home and mobile working’ onto the front pages.
Self-isolation is critically important as we work towards preventing the rapid spread of the virus. But how can we isolate ourselves from a different threat whilst working remotely or at home - the threat from cyber-attackers who are exploiting this unprecedented time to take advantage of weaker security practices to carry out their attacks?
Many organizations will not be prepared for the additional security risks that home and mobile working can bring. These include:
- The loss or theft of any device or removable media containing sensitive company information, which will open up new opportunities for attack
- ‘Shoulder surfing’, where someone may overlook your screen when you’re working in public or listen in to your telephone calls
- Lost or stolen devices that contain your user credentials (username, password or token) and can be used to compromise services or information stored in the device
- Tampering where an attacker could insert malicious software or hardware on your device if it’s left unattended. This can result in inappropriate access to corporate networks and information
- The physical risk of other members of your family gaining access to your devices and accidentally destroying or interfering with sensitive company information.
There are some simple and common-sense things we can all do to reduce these risks:
- SECURE your device by setting a screen lock with a PIN, strong password or complex pattern
- LOCK the screen on your laptop or device whenever you are not using it
- STORE your device safely and make sure it’s not in public view
- Make sure you have strong PASSWORDS for each device and never reveal them to others
- Stay VIGILANT to the theft of devices through pickpocketing, snatching or burglary
- HIDE laptops, tablets or phones from full view in unattended cars or bags in public
- Ideally keep devices away from FAMILY members – for example there may be pressure from children to use work devices to access online school material or simply to use the internet.
- REFAMILIARIZE yourselves with your organization's policies on home and mobile working.
…and if you’re working on valuable and sensitive company information at home or remotely, then:
- AVOID using unsecured Wi-Fi hotspots
- If available, ALWAYS use your company’s secure VPN (Virtual Private Network) for all internet use while out and about
- Use software to allow the REMOTE LOCKING OR WIPING of a lost or stolen device
- Use GPS-based features that allow you to locate the device if it’s stolen and then turned on
- DO NOT STORE sensitive company information on devices and delete local copies when you have finished viewing them
- Always use company devices in an ethical manner and comply with your organization’s ACCEPTABLE USE POLICY.
Finally, we all need to make ourselves aware of what to do if any device is lost or stolen – early reporting is important and will help to minimize any risks to company data. We all must have the insight to know what to do next and the confidence to tell others quickly to minimize the threat your organization might face.
Remember: Stop, Think and Be Safe
Read Nick Wilding's previous AXELOS Blog Post on the coronavirus and cybersecurity, Beware coronavirus phishing attacks: Stop, Think and Be Safe.