With a high proportion of the UK workforce currently working from home, managing cyber risks associated with home working has never been more important.
With the potential for security to be relaxed, cyber criminals see this as an increased opportunity to target businesses. For example, some employees may be using their own equipment, which may not be protected in the same way it would be within the company’s usual secure environment.
In recent weeks the media has also widely documented how hackers are using coronavirus conspiracy theories to spread phishing scams, including many e-mails that appear to come from legitimate sources. The National Cyber Security Centre (NCSC) in the UK and the Cybersecurity and Infrastructure Security Agency (CISA) in the US issued a joint alert on 8th April to warn that hackers are attempting to exploit the Covid-19 pandemic, stating that cyber criminals are using malware and ransomware to target businesses across the UK and US. Full details can be found here.
Scams include spear-phishing e-mails claiming to be from the Director-General of the World Health Organisation, and e-mails that claim to provide information about new coronavirus cases in your area or to offer tax refunds. The primary purpose of these malicious files or links is to install malware on victims’ systems in order to harvest personal details.
To ensure that company data and networks remain secure, it is essential that organisations mitigate the increased risk by implementing appropriate safeguards. These may include (but are not limited to):
- Effective enforcement of remote working and data governance policies
- Controlling access to corporate systems – for example via Virtual Private Networks (VPNs)
- Using multi-factor authentication for networks and business applications
- Where appropriate, ensuring devices encrypt data whilst at rest and/or are correctly configured to do so
- Assisting employees in setting up secure home Wi-Fi and mandating that public Wi-Fi is not to be used
- Reminding employees to remain vigilant when opening e-mails, attachments and embedded links (especially from third parties they do not recognise)
- Supporting employees throughout the outbreak period, providing additional training where appropriate
- Procuring comprehensive cyber insurance (if not already in place) and/or notifying insurers of any changes to your normal security protections, to ensure this does not compromise existing coverage
Further guidance can be found at the National Cyber Security Centre (NCSC) website: https://www.ncsc.gov.uk/guidance/home-working