NCSC issues cyber advice as home working rises
Organisations are being urged to follow cyber security best practice guidance to help prepare for an increase in home and remote working in the wake of the coronavirus outbreak.
The National Cyber Security Centre has published guidance and advice for UK companies to help them mitigate the risk of a cyber attack on deployed devices. This includes laptops, mobiles and tablets, with NCSC also sharing tips to help staff spot typical signs of phishing scams.
The NCSC has outlined recommended steps for organisations in: preparing for home working; setting up new accounts and accesses; controlling access to corporate systems; helping staff to look after devices; and reducing the risk from removable media.
The cyber department has already warned that criminals are exploiting the Coronavirus online, with NCSC revealing a range of attacks being perpetrated online by cyber criminals. Techniques seen since the start of the year include bogus emails with links claiming to have important updates, which once clicked on lead to devices being infected.
Paul Chichester, director of Operations at the NCSC, said: “We know that cyber criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the Coronavirus outbreak. Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails. In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”
There are several common risks which many organisations will need to be manage including:
- Increases in phishing activity and cyber-crime: without quick in-person access to IT support colleagues some employees are likely to be more vulnerable to phishing attacks;
- Public Wi-Fi networks: some publicly accessible Wi-Fi networks are not suitable for use when working, particularly if accessing sensitive/personal data;
- Loss of devices/credentials: devices which are lost or stolen are a threat to the wider security of organisations, particularly credentials and login details are kept in close proximity in open files or written down;
- Using more personal devices: employees working remotely are more likely to use personal devices which are not always configured with the same security protections as work machines;
- Working in public spaces: sensitive data, printed or on screen, is more vulnerable when employees are working in public places like coffee shops etc.