Strengthening cyber security when working from home
As Coronavirus (COVID-19) continues to spread, more and more organisations are asking increasing numbers of employees to work from home. This presents several different cyber security challenges and risks for businesses whose day-to-day operations are usually office based, including challenges with using public Wi-Fi networks and a potential increase in public phishing attacks.
Indeed, UK organisations have already begun to see Coronavirus-themed phishing emails with infected attachments containing fictitious 'safety measures.' These criminal campaigns use the changes in working patterns as an opportunity to expand phishing campaigns and other activities, knowing more people are working from home and might be more vulnerable to cyber-attacks. The NCSC is urging businesses and the public to consult its online guidance, including how to spot and deal with suspicious emails as well as mitigate and defend against malware and ransomware.
Furthermore, as employees work in different environments their cyber risk profiles change, with some using a wider range of personal devices and/or working in public spaces. All organisations need to proactively investigate these risks and identify ways by which common risks can be mitigated against in the coming period. There are several common risks which many organisations will need to be manage including:
- Increases in phishing activity and cyber-crime: without quick in-person access to IT support colleagues some employees are likely to be more vulnerable to phishing attacks;
- Public Wi-Fi networks: some publicly accessible Wi-Fi networks are not suitable for use when working, particularly if accessing sensitive/personal data;
- Loss of devices/credentials: devices which are lost or stolen are a threat to the wider security of organisations, particularly credentials and login details are kept in close proximity in open files or written down;
- Using more personal devices: employees working remotely are more likely to use personal devices which are not always configured with the same security protections as work machines;
- Working in public spaces: sensitive data, printed or on screen, is more vulnerable when employees are working in public places like coffee shops etc.
There are a number of things organisations can do to mitigate against these threats. Most of them are simple and should be easy to implement despite office closures. The seven measures below are easy to implement and should go some way to help organisations protect employees working remotely.
- Ensuring easy remote access IT support during working hours.
- Giving regular, clear advice, based on official guidance, to all employees around issues like phishing, with identified points of contact for employees with queries.
- Utilising two-factor authentication on company portals and CRM systems, as per NCSC advice.
- Requiring all devices being used by employees to have sufficient security software protection with regular updates.
- Implementing clear policies around what communication channels the organisation is likely to use to disseminate sensitive company data.
- Banning the use of public Wi-Fi networks without sufficient security controls.
- Limiting work in public spaces where possible.
Companies should proactively seek the latest guidance from Government organisations around cyber threats and challenges throughout the outbreak, most notably the National Cyber Security Centre.
Latest News from
Public Safety & Security in the 21st Century05/08/2020 11:25:00
A major review of policing across England and Wales has concluded that a “radical rethink” is needed to enable forces to operate in a world in which almost half of...
ICO launches new AI and data protection guidance03/08/2020 11:05:00
The Information Commissioner’s Office (ICO) has launched new guidance on how to ensure data protection compliance when deploying artificial intelligence (AI).
Government launches £20 million in new grants to help SMEs recover03/08/2020 10:05:00
Grants will help SMEs access IT and digital advice services, as well as purchase equipment to adapt to or adopt new technologies.
Mayor of London calls for an Emerging Technologies Charter31/07/2020 16:25:00
Yesterday, the Mayor of London Sadiq Khan tasked his Chief Digital Officer, Theo Blackwell, and the Smart London Board with developing an Emerging Technologies Charter, which will set out the criteria which innovations should meet before they are deployed in the capital.
5G Create: Winning projects announced by government31/07/2020 15:15:00
The next wave of government-funded research and development projects aiming to put Britain at the forefront of 5G technology have been announced.
Global tech industry seeks certainty on EU-US cross-border data flows30/07/2020 11:25:00
techUK, ITIC and 15 other trade associations urge US and European regulators to begin negotiations on a successor agreement to the EU-U.S. Privacy Shield.
Workshop on Consumer IoT Regulation - DCMS Call for Views29/07/2020 16:25:00
DCMS has this month released its proposed approach to the legislation, announced in January 2020, that will mandate security requirements for consumer Internet of Things...
NCSC and KPMG release Decrypting Diversity report29/07/2020 13:33:00
KPMG and the NCSC yesterday released their first report looking at diversity and inclusion in the UK cyber security industry.