Speedy, simple and free – Secure home working tips

Back

A Cyber Security Article

Published: 02/04/2020 Last Updated: 02/04/2020

The current Coronavirus pandemic means that many organisations are now enforcing remote working practices for the majority, if not all, of their employees. While this is an important social distancing strategy in delaying the spread of the virus, for some companies remote working is a completely new way of operating.

The speed at which government restrictions have come into force also means that a lot of organisations have struggled to ensure that users are adequately set up to work from home – both in terms of equipment and tools, and from an education and awareness point of view.

There are many reports of cyber criminals and hackers trying to exploit the Coronavirus outbreak in order to perpetrate attacks. Phishing is the most common attack type, due to the almost limitless social engineering possibilities. Emails with a subject line containing “Coronavirus” or “Covid-19” are sure to pique the interest of most users.

Remote working brings many security challenges, and in an ideal world companies would have adequate time to deploy effective cyber security solutions and educate their users. This is far from an ideal world, and comes at a time when most businesses should be focusing on core operations and supporting customers.

For businesses who suddenly find themselves operating in a remote and virtual world, and for whom this may be unchartered territory, here are our quick cyber security tips to help ease the transition.

User education: by far the most effective strategy is to educate users to remain vigilant and follow cyber security best practices at all times. Online cyber awareness training and simulations for certain attack types such as phishing are available, but come with a cost. However, there are a number of resources available free of charge, and measures you can take yourself:

  • Tip sheets and quick guides are available from organisations like StaySafeOnline, powered by the National Cyber Security Alliance.
  • You could also consider running webinars and virtual drop in clinics for employees to ask questions.
  • Make sure there is a mechanism in place for employees to report suspicious emails and potential cyber security incidents – if they accidentally uploaded a sensitive document to a Cloud-based app, you want to know about it!
  • Instil a ‘no blame’ culture – the key here is openness. If your users feel they may be penalised for a security breach, chances are they won’t report it

Technology and devices: More than ever before, the lines between corporate and home-owned networks and devices is being blurred. More than ever before, the perimeter of your network resides with the user and their devices. Here’s a few quick and easy recommendations to help make sure that your data, devices and users stay safe – wherever they are.

  1. Ensuring that anti-virus and other security software is installed and fully up to date.
  2. Make sure Wi-Fi connections are secure – that means changing the network’s default name and choosing a strong password.
  3. Your users might also want to consider having a separate network for home and corporate devices.
  4. Always connect to the corporate network via a VPN or other secure network connection.
  5. Only use approved devices and applications for work-related activity.
  6. Back up files regularly.
  7. Lock your screen if you use a shared workspace in the home.
  8. Restrict access to the devices you use for work, ideally keep them with you or lock them away when not in use.
  9. Don’t allow friends, family or toddlers (!) to use your work devices
  10. Always think before you click on an attachment or link in emails and messages. Particularly if they reference Coronavirus or Covid-19. Even if the message appears to come from a colleague or someone you know, exercise caution!

The truth is that all of the above measures apply to home and remote workers at all times. We may be operating under unprecedented conditions right now, but this too shall pass. And when it does, the rules of staying safe online won’t really have changed, and they will be just as relevant then as they are now. So perhaps one slim silver lining to this cloud is that cyber security will get the recognition it deserves, at all levels of the organisation. And that is no bad thing at all.

To find out more about how norm is helping organisations to manage their home workforce in a secure and hassle-free way, please click here.

To register for upcoming webinars on this topic, and access our archive of past webinars, please visit.

I’m thrilled to have signed off on the CSaaS offering.  I’m looking forward to having the most complete cyber security package for the mid-market and continuing our successful working relationship with norm.

Richard Taylor, CIO
Summit Therapeutics

CSaaS allows me to step away from multi-vendor management as the Security Operations Centre coordinates all of the technology for me.

David Vincent, CTO
Perpetuum

The biggest factor was that they had a data protection lawyer in-house who worked for them, which meant there was someone we could directly go to with specific questions about the (GDPR) regulation.

Phil Everitt, Management Information Systems Manager
Leicester Tigers

We were in the market for an independent Data Protection Officer service that was well versed with both UK and EU regulators. We’re thrilled to have acquired this service knowing that an expert is available 24/7.

Suzanne McCabe, Head of Project Management
James Hambro & Partners

Norm’s penetration testing layer, along with the suite of CSaaS modules has enabled MA to exceed all its audit requirements for its major clients.

Rob Elisha, ICT and CRM Manager
Montreal Associates

The speed of your Data Protection Officer’s response was very impressive – it was far quicker than I would have expected even from an in-house DPO

Will Blake, Director of Technology and Analytics
CRU Group