Many organisations are either moving to working remotely for the first time or significantly increasing it, and this presents a number of cyber security challenges. Advice on how to respond to those challenges is set out in the NCSC’s working from home guidance.
There are a number of practical steps organisations can take to reduce the risk, including:
- Supporting people to use stronger passwords and setting up two-factor authentication.
- Ensuring staff know how to report problems, especially those related to security.
- Creating ‘How do I’ guides for new software and tools staff may be using.
- Using VPNs to allow users to securely access the organisation’s IT services.
- Ensuring devices encrypt data whilst at rest.
Some organisations may be allowing staff to use their own devices to work remotely. In this case, please refer to the NCSC's Bring Your Own Device (BYOD) guidance.
In addition to following the guidance set out above, it is worth being aware of phishing emails, which trick users into clicking on a bad link. Once the link is clicked, the user is sent to a website which could download malware onto their computer, or steal passwords. We know that cyber criminals are opportunistic and will look to take advantage of people’s fears, and there is evidence that the Coronavirus outbreak is being exploited in this way.
Those who do fall victim shouldn’t feel bad – these scams can be extremely convincing – but what they should do as quickly as possible is report it to their IT department when the incident is work-related or to Action Fraud when it is personal. They can also open their antivirus (AV) software, if installed, and run a full scan, following any instructions given. If they’ve been tricked into providing a password, they should change their passwords on all their other accounts. The NCSC’s guidance on suspicious emails provides more tips on this.
Our Cyber Griffin team have also created a series of short video guides on how to keep you and your family safe while online at home. The guides contain practical hints and tips and cover a range of topics, including passwords, phishing, vishing and multi-factor authentication.