Strengthening cyber security when working from home
As Coronavirus (COVID-19) continues to spread, more and more organisations are asking increasing numbers of employees to work from home. This presents several different cyber security challenges and risks for businesses whose day-to-day operations are usually office based, including challenges with using public Wi-Fi networks and a potential increase in public phishing attacks.
Indeed, UK organisations have already begun to see Coronavirus-themed phishing emails with infected attachments containing fictitious 'safety measures.' These criminal campaigns use the changes in working patterns as an opportunity to expand phishing campaigns and other activities, knowing more people are working from home and might be more vulnerable to cyber-attacks. The NCSC is urging businesses and the public to consult its online guidance, including how to spot and deal with suspicious emails as well as mitigate and defend against malware and ransomware.
Furthermore, as employees work in different environments their cyber risk profiles change, with some using a wider range of personal devices and/or working in public spaces. All organisations need to proactively investigate these risks and identify ways by which common risks can be mitigated against in the coming period. There are several common risks which many organisations will need to be manage including:
- Increases in phishing activity and cyber-crime: without quick in-person access to IT support colleagues some employees are likely to be more vulnerable to phishing attacks;
- Public Wi-Fi networks: some publicly accessible Wi-Fi networks are not suitable for use when working, particularly if accessing sensitive/personal data;
- Loss of devices/credentials: devices which are lost or stolen are a threat to the wider security of organisations, particularly credentials and login details are kept in close proximity in open files or written down;
- Using more personal devices: employees working remotely are more likely to use personal devices which are not always configured with the same security protections as work machines;
- Working in public spaces: sensitive data, printed or on screen, is more vulnerable when employees are working in public places like coffee shops etc.
There are a number of things organisations can do to mitigate against these threats. Most of them are simple and should be easy to implement despite office closures. The seven measures below are easy to implement and should go some way to help organisations protect employees working remotely.
- Ensuring easy remote access IT support during working hours.
- Giving regular, clear advice, based on official guidance, to all employees around issues like phishing, with identified points of contact for employees with queries.
- Utilising two-factor authentication on company portals and CRM systems, as per NCSC advice.
- Requiring all devices being used by employees to have sufficient security software protection with regular updates.
- Implementing clear policies around what communication channels the organisation is likely to use to disseminate sensitive company data.
- Banning the use of public Wi-Fi networks without sufficient security controls.
- Limiting work in public spaces where possible.
Companies should proactively seek the latest guidance from Government organisations around cyber threats and challenges throughout the outbreak, most notably the National Cyber Security Centre.
Latest News from
£3m to fund new wave of Artificial Intelligence for the Military15/01/2021 16:25:00
techUK members have won funding as part of the DASA Intelligent Ship Phase 2 competition.
Defence Digital and techUK publish joint list of signatories to collaboration Code of Practice15/01/2021 13:33:00
Following the recent launch of a new Code of Practice for collaboration, techUK and Defence Digital are delighted to share a joint list of MOD and industry signatories to the code.
Avon and Somerset Police Proof of Concept (PoC)15/01/2021 11:25:00
Guest Blog: Phillip Ridley, Senior Business Development Consultant at 1Spatial and 'Interoperability in Policing' Working Group member shares his recent work with Avon & Somerset Police in the world of spatial data.
Ofcom report: Technology Futures14/01/2021 16:05:00
The UK's communications regulator Ofcom has published a new report, Technology Futures, that shines a spotlight on the innovative, emerging technologies that could shape the communications industry in the future.
5G Create trials to utilise Open RAN14/01/2021 11:25:00
The UK Government’s 5G Testbeds and Trials Programme has announced the latest projects to receive funding for innovative new uses of 5G, following the 5G Create competition.
Digital Ethics Summit 2020 Day One- Lessons to be learnt from 202011/01/2021 14:25:00
Summary of day one at techUK's Digital Ethics Summit 2020.
Digital Ethics Summit 2020 Day Two- Moving Forward in 202111/01/2021 13:33:00
Summary of day two at techUK's Digital Ethics Summit 2020.
Contribute a case study to techUK’s landmark digital twins report!11/01/2021 09:15:00
techUK is aiming to kick-off 2021 in style with the release of a landmark report ‘Unlocking value across the UK’s digital twin ecosystem’.