The current coronavirus crisis has pushed ‘home and mobile working’ onto the front pages.
Self-isolation is critically important as we work towards preventing the rapid spread of the virus. But how can we isolate ourselves from a different threat whilst working remotely or at home - the threat from cyber-attackers who are exploiting this unprecedented time to take advantage of weaker security practices to carry out their attacks?
Many organizations will not be prepared for the additional security risks that home and mobile working can bring. These include:
- The loss or theft of any device or removeable media containing sensitive company information which will open-up new opportunities for attack
- ‘Shoulder surfing’ where you may be overlooked by someone when you’re working in public or your telephone calls are listened in to
- Lost or stolen devices that contain your user credentials (username, password or token) and can be used to compromise services or information stored in the device
- Tampering where an attacker could insert malicious software or hardware on your device if it’s left unattended. This can result in inappropriate access to corporate networks and information
- The physical risk of other members of your family gaining access to your devices and accidentally destroying or interfering with sensitive company information.
There are some simple and common-sense things we can all do to reduce these risks:
- SECURE your device by setting a screen lock with a PIN, strong password or complex pattern
- LOCK the screen on your laptop or device whenever you are not using it
- STORE your device safely and make sure it’s not in public view
- Make sure you have strong PASSWORDS for each device and never reveal them to others
- Stay VIGILANT to the theft of devices through pickpocketing, snatching or burglary
- HIDE laptops, tablets or phones from full view in unattended cars or bags in public
- Ideally keep devices away from FAMILY members – for example there may be pressure from children to use work devices to access online school material or simply to use the internet.
- REFAMILIARIZE yourselves with your organization's policies on home and mobile working.
…and if you’re working on valuable and sensitive company information at home or remotely, then:
- AVOID using unsecured Wi-Fi hotspots
- If available ALWAYS use your company’s secure VPN (Virtual Private Network) for all internet use while out and about
- Use software to allow the REMOTE LOCKING OR WIPING of a lost or stolen device
- Use GPS-based features that allow you to locate the device if it’s stolen and then turned on
- DO NOT STORE sensitive company information on devices and delete local copies when you have finished viewing them
- Always use company devices in an ethical manner and comply with your organization’s ACCEPTABLE USE POLICY.
Finally, we all need to make ourselves aware of what to do if any device is lost or stolen devices – early reporting is important and will help to minimise any risks to company data. We all must have the insight to know what to do next and the confidence to tell others quickly to minimize the threat your organization might face.
Remember: Stop, Think and Be Safe
Read Nick Wilding's previous AXELOS Blog Post on the coronavirus and cybersecurity, Beware coronavirus phishing attacks: Stop, Think and Be Safe.