Strengthening cyber security when working from home
As Coronavirus (COVID-19) continues to spread, more and more organisations are asking increasing numbers of employees to work from home. This presents several different cyber security challenges and risks for businesses whose day-to-day operations are usually office based, including challenges with using public Wi-Fi networks and a potential increase in public phishing attacks.
Indeed, UK organisations have already begun to see Coronavirus-themed phishing emails with infected attachments containing fictitious 'safety measures.' These criminal campaigns use the changes in working patterns as an opportunity to expand phishing campaigns and other activities, knowing more people are working from home and might be more vulnerable to cyber-attacks. The NCSC is urging businesses and the public to consult its online guidance, including how to spot and deal with suspicious emails as well as mitigate and defend against malware and ransomware.
Furthermore, as employees work in different environments their cyber risk profiles change, with some using a wider range of personal devices and/or working in public spaces. All organisations need to proactively investigate these risks and identify ways by which common risks can be mitigated against in the coming period. There are several common risks which many organisations will need to be manage including:
- Increases in phishing activity and cyber-crime: without quick in-person access to IT support colleagues some employees are likely to be more vulnerable to phishing attacks;
- Public Wi-Fi networks: some publicly accessible Wi-Fi networks are not suitable for use when working, particularly if accessing sensitive/personal data;
- Loss of devices/credentials: devices which are lost or stolen are a threat to the wider security of organisations, particularly credentials and login details are kept in close proximity in open files or written down;
- Using more personal devices: employees working remotely are more likely to use personal devices which are not always configured with the same security protections as work machines;
- Working in public spaces: sensitive data, printed or on screen, is more vulnerable when employees are working in public places like coffee shops etc.
There are a number of things organisations can do to mitigate against these threats. Most of them are simple and should be easy to implement despite office closures. The seven measures below are easy to implement and should go some way to help organisations protect employees working remotely.
- Ensuring easy remote access IT support during working hours.
- Giving regular, clear advice, based on official guidance, to all employees around issues like phishing, with identified points of contact for employees with queries.
- Utilising two-factor authentication on company portals and CRM systems, as per NCSC advice.
- Requiring all devices being used by employees to have sufficient security software protection with regular updates.
- Implementing clear policies around what communication channels the organisation is likely to use to disseminate sensitive company data.
- Banning the use of public Wi-Fi networks without sufficient security controls.
- Limiting work in public spaces where possible.
Companies should proactively seek the latest guidance from Government organisations around cyber threats and challenges throughout the outbreak, most notably the National Cyber Security Centre.
Latest News from
COVID-19, protein folding, and the crowd-sourced quest for a cure27/03/2020 16:10:00
Whilst not a new application, the advanced adoption of technology to power computer simulations of protein folding is helping scientists combat COVID-19.
Chancellor unveils wage guarantee scheme for the self-employed27/03/2020 14:05:00
After a comprehensive COVID-19 package for full time workers, the Chancellor extends support to the self-employed.
Supporting Health Services during the Coronavirus Pandemic27/03/2020 13:05:00
An update on how and where to offer support for the NHS.
techUK’s round up of the 2020 Budget27/03/2020 11:05:00
techUK has taken a deep dive look at one of the most consequential budgets for UK tech in recent years.
COVID-19: Call for rapid sanitising technology for ambulances27/03/2020 09:20:00
The Defence and Security Accelerator (DASA) is looking for rapid sanitising technology to speed up the time it takes to clean ambulances to assist in the national effort...
How to offer support to UK Government26/03/2020 16:25:00
The Cabinet Office has established two websites where UK businesses can register to assist the Government in its response to the COVID-19 outbreak.
Home Office extends visas for those effected by COVID-1926/03/2020 15:43:00
Foreign nationals who cannot return home because of the pandemic will be able to extend their visas.
Government Procurement Policy Note: Supplier relief due to COVID-1926/03/2020 13:33:00
The Government has published a Procurement Policy Note surrounding the COVID-19 outbreak, setting out information and guidance for public bodies on payment of their...