March 18, 2020 Working remotely and securely
As a consequence of the coronavirus, large swathes of the workforce are experiencing home working for the first time. Whether they have been given dedicated laptops by their company or are using laptops to remotely dial in to central servers, inevitably there will be some security implications.
With thanks to the south-west cyber protection unit from Devon and Somerset police for their input, we list below a few areas which businesses and remote workers should consider in order to improve cyber security.
Phishing. More people working remotely almost inevitably means more emails flying around. This provides the perfect opportunity for fraudsters to try and open cracks in an organisation’s cyber defences. The golden rule here is that if you are in any doubt whether correspondence is genuine, pick up the phone and check. Equally importantly, watch out for fake login pages which may have been set up to catch out the unwary. Employees may like to familiarise themselves with the guidance issued by the National Cyber Security Centre (NCSC).
Passwords. Hopefully you are already aware of the importance of setting strong unique passwords, bolstered by Two-Factor authentication where possible. But you may not have considered the importance of applying the same strong password methodology to home routers. With so many people working remotely, home routers are particularly vulnerable to hacking attacks; especially if they still carry the default admin password. Here again the NCSC have some handy guidance.
Communications. Using a Virtual Private Network (VPN) can help businesses and their people to communicate more securely. The advice here is to do your research and choose a reputable provider from an official source. Either way, employees should be cautioned against using untrusted open Wi-Fi hotspots; instead being encouraged to use secure home systems or to tether to a 3G/4G connection point such as a personal phone. When it comes to sharing files it is vitally important that GDPR considerations come into play, with employees being instructed not to use personal email addresses or other third-party unless specifically required to do so by the company.
Physical security. Whenever business or private equipment is being used outside the office, employees will need to take steps to ensure the security of such devices. This includes locking devices securely away when not in use, considering whether privacy screens should be used in order to restrict the ability of others to see sensitive information on-screen, and generally being aware of immediate surroundings.