Mitigating against cyber threats:
How to Stay Safe while working from home
UK businesses are becoming increasingly reliant on technology at home in order to connect with staff and customers remotely, and with that dependence comes an increased risk of cyber-attacks and those seeking to capitalise on the crisis.
There are several things organisations can do to mitigate against cyber threats. Most are easy to implement and can help businesses to protect employees working remotely.
These include ensuring easy remote access IT support during working hours, providing regular, clear, advice on official guidance, ensuring all devices offer sufficient security software protection, banning the use of public Wi-Fi networks without sufficient security controls and limiting work in public spaces wherever possible.
With employees using technology away from their usual working environments, there is a greater risk of devices being lost or stolen. Organisations should make sure staff know what to do and who they need to contact if this should occur.
Zoom Video Communications have been vital to millions of people working from home, allowing them to connect with colleagues and customers online while in isolation. But the videoconferencing platform has already become a target for scammers.
In April, an individual hacker in a popular dark web forum posted a link to a collection of 352 compromised Zoom accounts for anyone to download. Although the intent was to troll and disrupt rather than profit, it emphasised just how easily confidential information can be compromised.
When arranging a Zoom meeting, make sure you don’t share your meeting ID publicly, and always add a meeting password. Only allow the host to do screen sharing and disable the functions which allow file transfers and removed participants to re-join. Lock meetings once all the attendees have joined to further reduce the risk of zoom bombing. You should always assume your chats will become public and keep confidential conversation to a minimum.
Organisations need to allow remote users to securely access their IT resources, such as email and file services. Virtual Private Networks (VPNs) create an encrypted network connection that authenticates the user and/or device and encrypts data in transit between the user and the services. If your business already uses a VPN, it needs to be fully patched.
Businesses should also check how staff are coping; not just in terms of how to use new technologies, but also how they are adapting to working remotely. Staff should know how to immediately report any problems and to whom, especially on security issues.
How Amethyst Can Help
We can help your company on a one-to-one basis, with for example, training, security management standards and cyber security policies and procedures.
Amethyst Risk Management is an established cyber security training provider - offering specialist courses on technical risk assessment as well as more basic introductory level courses. All training is provided by our highly experienced team, many of whom are CISSP certified and or NCSC Cyber Certified Professionals.
Amethyst can help to develop tailored cyber security policies, processes and procedures, including but not limited to: remote and home, access control, incident management, business continuity and protective monitoring. Our team of subject matter experts can analyse your business information security management system against industry standards such as ISO/IEC 27001, Cyber Essentials, SANS Top 20, 10 Steps to Cyber Security and COBIT.
Amethyst is certified to ISO 9001 and ISO/IEC 27001 (the International Standards for Quality and Information Security Management respectively). Our customers include public and private sector organisations. We have worked for central Government, the wider public sector, utility, logistics, data centre, engineering, telecomm companies and legal firms.
Our expertise and comprehensive range of cyber security and risk management services will help you identify and understand risk, manage it cost effectively, ensure compliance with legal and regulatory requirements, and most importantly protect your business.
Contact Amethyst today: firstname.lastname@example.org