Cyber Security Tips When Working from Home
Now the UK’s National Cyber Security Centre (NCSC) has published its guidance around protecting data when staff are working outside of their normal office environment.
NCSC warns that staff needing new accounts or access to systems will require strong passwords and two-factor authentication, if available.
SEE: Coronavirus: Effective strategies and tools for remote work during a pandemic
Employers should also consider new applications that staff may need to work — new collaboration tools in the form of chat rooms, videoconferencing or document sharing, for example: NCSC has separate guidance on implementing cloud services.
NCSC’s general recommendations include:
- Create written guides and how-to documents for new software that staff will be using, or existing applications that will be used in a different way, or even more basic elements like ‘How to log into and use an online collaboration tool’.
- Make sure devices encrypt data at rest, to protect data on the device if it is lost or stolen. While most modern devices have encryption built in, it may need to be switched on and configured.
- Use mobile device management (MDM) tools to set up devices with a standard configuration, and also to remotely lock devices, erase data or retrieve a backup.
- VPNs: Make sure that VPNs are patched, remember that additional licenses, capacity or bandwidth may be required if your organisation normally has a limited number of remote users.
- Make sure that staff know what to do if their device is lost or stolen. That includes who to report it to: staff who fear getting into trouble are less likely to report lost devices quickly, so make sure it can be done in a blame-free way.
USB drives can contain lots of sensitive data, but are also easily lost and can be an easy way for malware to find its way onto PCs. NCSC said companies can reduce security risks by:
- disabling removable media using MDM settings
- using antivirus tools where appropriate
- only allowing products supplied by the organisation to be used
- protecting data at rest (encrypt) on removable media
- ask staff to transfer files using alternative means like cloud storage or collaboration tools
From:
ZDNET