Strengthening cyber security when working from home
As Coronavirus (COVID-19) continues to spread, more and more organisations are asking increasing numbers of employees to work from home. This presents several different cyber security challenges and risks for businesses whose day-to-day operations are usually office based, including challenges with using public Wi-Fi networks and a potential increase in public phishing attacks.
Indeed, UK organisations have already begun to see Coronavirus-themed phishing emails with infected attachments containing fictitious 'safety measures.' These criminal campaigns use the changes in working patterns as an opportunity to expand phishing campaigns and other activities, knowing more people are working from home and might be more vulnerable to cyber-attacks. The NCSC is urging businesses and the public to consult its online guidance, including how to spot and deal with suspicious emails as well as mitigate and defend against malware and ransomware.
Furthermore, as employees work in different environments their cyber risk profiles change, with some using a wider range of personal devices and/or working in public spaces. All organisations need to proactively investigate these risks and identify ways by which common risks can be mitigated against in the coming period. There are several common risks which many organisations will need to be manage including:
- Increases in phishing activity and cyber-crime: without quick in-person access to IT support colleagues some employees are likely to be more vulnerable to phishing attacks;
- Public Wi-Fi networks: some publicly accessible Wi-Fi networks are not suitable for use when working, particularly if accessing sensitive/personal data;
- Loss of devices/credentials: devices which are lost or stolen are a threat to the wider security of organisations, particularly credentials and login details are kept in close proximity in open files or written down;
- Using more personal devices: employees working remotely are more likely to use personal devices which are not always configured with the same security protections as work machines;
- Working in public spaces: sensitive data, printed or on screen, is more vulnerable when employees are working in public places like coffee shops etc.
There are a number of things organisations can do to mitigate against these threats. Most of them are simple and should be easy to implement despite office closures. The seven measures below are easy to implement and should go some way to help organisations protect employees working remotely.
- Ensuring easy remote access IT support during working hours.
- Giving regular, clear advice, based on official guidance, to all employees around issues like phishing, with identified points of contact for employees with queries.
- Utilising two-factor authentication on company portals and CRM systems, as per NCSC advice.
- Requiring all devices being used by employees to have sufficient security software protection with regular updates.
- Implementing clear policies around what communication channels the organisation is likely to use to disseminate sensitive company data.
- Banning the use of public Wi-Fi networks without sufficient security controls.
- Limiting work in public spaces where possible.
Companies should proactively seek the latest guidance from Government organisations around cyber threats and challenges throughout the outbreak, most notably the National Cyber Security Centre.
Latest News from
MHRA announce consultation on the future regulation of medical devices20/09/2021 16:20:00
The Medicines and Healthcare products Regulatory Agency (MHRA) is inviting members of the public to provide their views on possible changes to the regulatory framework for medical devices in the UK, aiming to develop a new regime for medical devices.
Tech Industry Gold accreditation extended to training programmes to help tackle digital skills shortages20/09/2021 15:20:00
TechSkills announces FDM as first to achieve Tech Industry Gold accreditation for training programmes.
Over a third of tech firms join Race to Zero campaign20/09/2021 13:15:00
Over a third of tech firms join Race to Zero campaign
techUK members donate $1 million to Take Five campaign to tackle fraud15/09/2021 14:05:00
Tech companies join banking industry to tackle fraud
Announcing September's Geospatial Champion10/09/2021 16:25:00
You can read our exclusive interview with techUK's new Geospatial Champion below #GeospatialFuture.
Young people urged not to miss out on flourishing tech job opportunities10/09/2021 11:25:00
Report by global emerging talent and reskill training provider, mthree has revealed that misconceptions and a lack of awareness are preventing many young people from pursuing technology careers.
Talking 5 with Local Public Services Member Capita09/09/2021 16:25:00
Georgina Maratheftis, Head of Local Public Services, techUK and Paul Abraham, Managing Director & Client Partner – Capita Local Public Service at Capita discuss how digital is transforming local public services and the need for an outcome based approach.
New Border Innovation Hub Goes Live09/09/2021 11:25:00
Cabinet Office has published a Border Innovation Hub where industry can find information and the tools it needs from across Government in order to innovate at the border.
Striking a balance in your hybrid workplace strategy for a greater user experience08/09/2021 16:15:00
The pandemic has managed to accelerate workplace transformation efforts as people shifted from office to digital collaboration from home. Technology has enabled employees to work remotely for more than a decade. But the pandemic has brought it into sharp focus as entire organizations had to adopt remote working. From rapidly adjusting with stopgap measures to ensuring business continuity, to planning on how to get the workforce safely back into the office, we are entering the next phase of hybrid work!