Stay Cyber-Secure Working From Home

With many nations working from home, cyber hackers are attempting to exploit vulnerabilities and steal valuable information. Cyber criminals are increasing their activity as they look to capitalise on the Covid-19 crisis. 
 
The current advice from the British National Cyber Security Centre (NCSC), which is a part of GCHQ, details steps on how organisations should prepare for increased remote working and ensure staff are vigilant with work devices that may contain sensitive data. 
 
It warns that employees are more likely to have their devices stolen or lost when they are away from the office or home, so efforts must be made to ensure data is encrypted while in a resting state.
 
In the UK alone, victims lost over £800,000 to coronavirus scams in February, reports the National Fraud Intelligence Bureau. One unlucky person in particular was left £15,000 lighter after buying face masks that never arrived.
Experts are warning of a new wave of cyber-attacks targeting Americans who are forced to work from home during the coronavirus outbreak.
 
There is increasing evidence that hackers are using the concerns over the virus to prey on individuals and that working outside secure office environments opens the door to more cyber vulnerabilities.
 
Despite these risks, remote workers continue to use public Wi-Fi in large numbers. A recent Spiceworks Data survey indicated that more than 60% of organisations’ workers use company-issued devices on public Wi-Fi networks. The proliferation of connected smart devices in the home has increased the number of attack points, which means that remote workers need to be more vigilant about securing their home offices.
 
One of the easiest ways to lower the risks associated with public or poorly secured networks is for companies to require the use of a virtual private network that allows for secure connections. While that can be effective, it also needs to be paired with comprehensive training.
 
Cyber security training staged at regular intervals is imperative for managing all types of threats in the workplace: online, offline, in office or out of the office.
 
When conducting these sessions, however, it’s important to really place an emphasis on the specific challenges associated with remote work.  
  • Show workers how to spot common phishing attacks, raise their awareness of spoofing and other techniques 
  • Ensure that each worker understands the basics of good IT hygiene.
  • A modest investment here can be paid back exponentially if a significant security breach is averted.
To manage risk, it’s important to ensure all software is current and continually updated. Common tools such as malware scanners, firewalls and virtual private networks can also help maintain security.
 
For something a bit more advanced, organisations can choose to deploy breach and attack simulation software. These platforms simulate common attack techniques across likely attack paths to help expose an organisation’s security vulnerabilities. UK Police say that as more of us keep away from the office, they're already seeing an increase in cyber-attacks across the country, so we're being asked to be careful.
 
Tips to Reduce Cyber Risk:
  1. Ensure that your computer systems and virtual environments are resistant to cyber threats and implement stronger security measures where appropriate. Additional layers of encryption or password protection are recommended. 
  2.  Speak to your SaaS (software as a service) vendors about their business continuity plans to ensure there is minimal impact and disruption to your business and that they are ready to assist you with disaster recovery. 
  3. Refresh your staff training on cyber hygiene and looking after personal and confidential information. Get them some cyber training on phishing attacks, cooperation assistance during a data breach, not leaving physical documents lying around, taking care when working on laptops in public spaces.
  4.  Prevent staff using personal, unsecured IT equipment at home and transferring data to unsecured platforms to access data remotely.
  5. Check your Covid-19 response plan, does it cover cyber incident response and are you prepared, and insured, for a data breach? Have you got lawyers and forensic experts you can call on in an incident? 
  6. Make sure you can communicate with all remote working employees if your systems have to be taken offline. Remote working staff must be able to carry out a password reset remotely if needed. 
  7.  Protect your reputation and take measures to protect personal and confidential information, be careful about disclosing employee, customer or supplier health information otherwise you may be in breach of common law and contractual obligations.
Make personal devices secure:
If your organisation has sanctioned the use of personal devices, then it’s important that you implement anti-virus software and make sure that any software and operating systems that you are using are up-to-date.  Outdated software is easy for cyber criminals to exploit.
 
 Adopt secure working practices
Don’t be tempted to make life easier by forwarding information to personal accounts or cloud storage accounts, which are more vulnerable to cyber-attack. Locking your computer when it’s not in use, ensures that other family members don’t accidentally open your device to malware or phishing attempts.
 
Beware of Phishing 
We're warned that cyber criminals are exploiting the coronavirus outbreak as an opportunity to send phishing emails claiming to have important updates or encouraging donations, impersonating trustworthy organisations.
 
For more information on training employees and making them much more cyber-secure please contact Cyber Security Intelligence. 
 
Raconteur:      Security Boulevard:      TechSpark:     BizCommunity:    StrayFM:     The Hill:    Irish News:
 
You Might Also Read: 
 
Remote Working Is On Suddenly On Trend:
 
 
 
 
« Universities That Teach Cyber Security At Risk
WEBINAR: How to design a least privilege architecture in AWS »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Focal Point Data Risk

Focal Point Data Risk

Focal Point is a pure-play data risk management provider capable of offering end-to-end consulting, implementation, and training services.

Ipsidy

Ipsidy

Our identity platform enables mobile users to more easily authenticate their identity to a mobile phone or portable device of their choosing.

Onspring

Onspring

Onspring is the cloud-based platform of choice for governance, risk and compliance (GRC) teams and business operations experts across multiple industries.

Coalition

Coalition

Coalition combines comprehensive insurance and proprietary security tools to help businesses manage and mitigate cyber risk.

LightEdge Solutions

LightEdge Solutions

LightEdge’s highly-trained compliance and security experts take the guesswork out of keeping your business protected.

Wizlynx PTE LTD

Wizlynx PTE LTD

Wizlynx PTE LTD is the Singapore branch of Wizlynx Group located in Singapore, offering Information and Cyber Security Services throughout the entire Asia Pacific (APAC) region.

Dracoon

Dracoon

DRACOON is market leader in the German-speaking region for secure enterprise file sharing.

RvA

RvA

RvA is the national accreditation body for the Netherlands. The directory of members provides details of organisations offering certification services for ISO 27001.

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP) is a 501(c)(3) non-profit organization dedicated to promoting cybersecurity awareness and education.

YesWeHack

YesWeHack

YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered) to identify and report vulnerabilities in their systems.

Internetwork Defense (IND)

Internetwork Defense (IND)

Internetwork Defense is a premier provider of Information Security Training and Business Consulting Services in the Mid-Atlantic region.

Risk Ledger

Risk Ledger

Risk Ledger is improving the security of the global supply chain ecosystem, reducing the number of data breaches experienced through supply chain attacks by companies and consumers alike.

Informatics International

Informatics International

Informatics is a leading ICT provider in Sri Lanka, providing cutting-edge software & infrastructure solutions and services including cyber security.

Cisco Networking Academy

Cisco Networking Academy

Cisco Networking Academy is the world's largest classroom, bringing technology education, 21st-century skills, and improved jobs prospects since 1997.

Ascent Solutions

Ascent Solutions

Ascent is built to help firms evolve their cybersecurity posture, modernize their Microsoft solutions, and accelerate their journey to the cloud.

SMARTEST

SMARTEST

SMARTEST is a world-class IT solutions provider active in the most challenging and demanding industries such as the oil and gas industries.