Home and mobile working: common-sense security advice

24 Mar 2020 01:43 PM

Blog posted by: Nick Wilding, General Manager, Cyber Resilience, AXELOS and Head of RESILIA®, 24 March 2020.

Man's hands holding smartphone with secure log in screen whilst working at laptop

The current coronavirus crisis has pushed ‘home and mobile working’ onto the front pages.

Self-isolation is critically important as we work towards preventing the rapid spread of the virus. But how can we isolate ourselves from a different threat whilst working remotely or at home - the threat from cyber-attackers who are exploiting this unprecedented time to take advantage of weaker security practices to carry out their attacks?

Many organizations will not be prepared for the additional security risks that home and mobile working can bring. These include:

The loss or theft of any device or removeable media containing sensitive company information which will open-up new opportunities for attack
‘Shoulder surfing’ where you may be overlooked by someone when you’re working in public or your telephone calls are listened in to
Lost or stolen devices that contain your user credentials (username, password or token) and can be used to compromise services or information stored in the device
Tampering where an attacker could insert malicious software or hardware on your device if it’s left unattended. This can result in inappropriate access to corporate networks and information
The physical risk of other members of your family gaining access to your devices and accidentally destroying or interfering with sensitive company information.

There are some simple and common-sense things we can all do to reduce these risks:

SECURE your device by setting a screen lock with a PIN, strong password or complex pattern
LOCK the screen on your laptop or device whenever you are not using it
STORE your device safely and make sure it’s not in public view
Make sure you have strong PASSWORDS for each device and never reveal them to others
Stay VIGILANT to the theft of devices through pickpocketing, snatching or burglary
HIDE laptops, tablets or phones from full view in unattended cars or bags in public
Ideally keep devices away from FAMILY members – for example there may be pressure from children to use work devices to access online school material or simply to use the internet.
REFAMILIARIZE yourselves with your organization's policies on home and mobile working.

…and if you’re working on valuable and sensitive company information at home or remotely, then:

AVOID using unsecured Wi-Fi hotspots
If available ALWAYS use your company’s secure VPN (Virtual Private Network) for all internet use while out and about
Use software to allow the REMOTE LOCKING OR WIPING of a lost or stolen device
Use GPS-based features that allow you to locate the device if it’s stolen and then turned on
DO NOT STORE sensitive company information on devices and delete local copies when you have finished viewing them
Always use company devices in an ethical manner and comply with your organization’s ACCEPTABLE USE POLICY.

Finally, we all need to make ourselves aware of what to do if any device is lost or stolen devices – early reporting is important and will help to minimise any risks to company data. We all must have the insight to know what to do next and the confidence to tell others quickly to minimize the threat your organization might face.

Remember: Stop, Think and Be Safe

Read Nick Wilding's previous AXELOS Blog Post on the coronavirus and cybersecurity, Beware coronavirus phishing attacks: Stop, Think and Be Safe.