Home Working Is A Threat To Cybersecurity

Uploaded on 2018-04-09 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Employees should avoid taking work devices and sensitive work information home with them and all charities are at risk of cyber-attacks regardless of their size or prominence, fundraisers have been warned.

Speaking at the Institute of Fundraising’s fundraising compliance conference this week, the cyber-crime expert Neil Sinclair, chief operating officer at London Digital Security Centre and formerly of GCHQ, said that there were 85 million attempts to hack computers in the UK every year and charities were potential targets.

He said many people thought that criminals would target relatively well-defended large companies or charities, whereas in reality they often focused on vulnerable smaller organisations, including many charities.

"If there is anyone at a charity who says their charity is too small or too isolated or too original to be a victim of a cyber-attack, they are lying to you," he said.

Sinclair also outlined some of the specific threats to charities and said people working from home or while commuting could be significant threat to a charity’s cyber security.

"Do you use the same devices at home as you use at work?" he asked. "Do you strictly keep those devices you use at work off your home network?

"You should use devices for work only in the workplace, on 4G or on a specific WiFi network."

For example, GCHQ did not allow personal devices to enter the workplace, Sinclair said, because they were more at risk of being hacked, and therefore could be used to record without people knowing, for example.

He also warned of using WiFi in locations such as pubs or coffee shops and said that staff should ensure they did not use sensitive company information while on digital devices that are connected to, unsecured, WiFi.

This is because it was relatively easy for criminals to replicate unsecured WiFi networks, Sinclair said, and it was therefore important to ensure the device used "forgets" the WiFi network once workers left the venue.

The trend for employees to send information to their personal devices to work on while commuting or at home also undermined cyber defences, Sinclair said, because sensitive information for the charity was being used in an environment that was outside the cyber defences the charity had in place.

He said that most cyber-attacks "are not targeted, they are random – they are fun, some of them", and people should be aware that if they use electronic devices connected to WiFi in public places they are vulnerable and "can be a victim just because you are there".

Sinclair said: "Should I really be taking my work stuff home on my own device? You shouldn’t – that’s the simple answer."

He added that many organisations were not actually carrying out their cyber strategies, with fewer than one in 100 actually having a plan that was enforced across the company.

Third Sector

You Might Also Read: 

Action Fraud: Social Media Used to Steal Charity Donations:

Charities Are Vulnerable To Severe Cyber Attacks:

 

« Fake News Will Lead To A Cyber War
Iranian Hackers Adopt New Methods »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Advantech

Advantech

Advantech is a leader in providing trusted innovative embedded and automation products and solutions. Activities include IoT security.

Gate 15

Gate 15

Gate 15 provide risk management services focusing primarily on information, intelligence and threat analysis, operational support and preparedness.

PRESENSE Technologies

PRESENSE Technologies

PRESENSE Technologies specializes in monitoring and enforcing IT security policies at critical points in the network and on end systems.

Langner

Langner

Langner is a software and consulting firm specialized in cyber security for critical infrastructure and large-scale manufacturing.

Cyber Talents

Cyber Talents

CyberTalents is on a mission to close the gap of cyber security professionals shortage across the globe.

Blue Hexagon

Blue Hexagon

Blue Hexagon is a deep learning innovator focused on protecting organizations from cyberthreats.

Adlumin

Adlumin

Adlumin Inc. provides the enterprise-grade security operations platform and managed detection and response services that keep mid-market organizations secure.

ThreatReady Resources

ThreatReady Resources

ThreatReady reduces an organization’s risk by delivering cyber security awareness training based on the latest, state-of-the-art learning science to effectively drive long-term cyber-safe behavior.

Security Compliance Associates (SCA)

Security Compliance Associates (SCA)

The sole focus of SCA is safeguarding critical information and complying with information security regulations.

Automotive Information Sharing & Analysis Center (Auto-ISAC)

Automotive Information Sharing & Analysis Center (Auto-ISAC)

Auto-ISAC provides a forum for companies to analyze and identify threats sooner and share solutions that enhance vehicle cybersecurity.

Triskele Labs

Triskele Labs

Triskele Labs deliver services including Penetration Testing, Compliance and Risk Management through to 24*7*365 Security Operations and outsourced Cybersecurity Managers.

Eclypses

Eclypses

Eclypses has a disrupting cyber technology, offering organizations an advanced data security solution called MicroToken Exchange (MTE).

LeakSignal

LeakSignal

At LeakSignal, we transform the way you monitor and protect your data. We provide unparalleled visibility and control over your sensitive data flows.

SecureCo

SecureCo

SecureCo supports some of the most demanding cyber practitioners in the world, offering defense-in-depth cybersecurity to support API protection and data transport assurance.

Vyntra Global

Vyntra Global

Vyntra is a global leader in transaction intelligence, formed from the merger of NetGuardians and Intix.

Empirical Security

Empirical Security

Empirical builds mathematical models for security data. We maintain the world’s most advanced global models for cybersecurity, and we build local models that respond to your specific context.