So COVID-19 or the Corona Virus as it’s still commonly referred to is really beginning to bite now, our news media outlets are immersed in the subject 24/7 so I won’t burden you with yet more facts and figures.
We won’t be trying to clumsily shoehorn a sales message into this piece. Instead, we thought we would put our experience and reach into something useful:
One emerging aspect since the outbreak has been the increasing prevalence of workers either requesting or being asked to carry out their duties from home instead of commuting to the office. Working from home is not a new thing, modern technology has long enabled employees to carry out their duties from home just as effectively as they could from business premises, indeed, many companies have embraced the home-work culture and it forms part of their backbone.
Not all companies and employees are used to home working
However, for countless other companies, this will be a new occurrence brought on by necessity, not choice. These companies especially need to think carefully about continuing to maintain information & cyber security best practices in a suddenly changing working environment. The sad news is that malicious actors won’t be taking a break, quite the opposite in fact, there is already widespread evidence of fraudulent emails using the virus as a platform on which to launch one form of cyber attack or another.
Many employees, unfortunately, are prone to segmenting their information security hygiene: work is the place with processes, procedures and policies that must be strictly adhered to, with access controls and monitoring, while home is where you relax and let your guard down.
Basic steps all companies should take
Now more than ever businesses need to communicate with their workforce and provide concise, easy-to-understand and consistent messaging that should include:
- Only use devices with up-to-date security – for example, Windows 7 for basic domestic home use might be acceptable in some circumstances but out of support operating systems should never be used for transmitting, processing or storing any form of commercial data.
- Following best cyber security practices when logging in remotely to company portals and cloud environments. Ideally use a reputable secure VPN service.
- Prohibition of use of public Wi-Fi, apart from the threat of cyber attack there is also the danger of shoulder surfing, hard copy information theft / mislaying and other issues when working in public places.
- Consideration of whom else is in the employees home environment, many people house share for example, and housemates can be an unknown entity.
- Following best-practice with regards to saving and transporting company data, for convenience employees may be tempted to use unauthorised portable drive devices or upload data to personal cloud accounts.
We strongly urge companies to undertake a comprehensive information risk management assessment with regards to this situation, there is no one size fits all solution, every organisation will need to prioritise and consider information risk versus maintaining a business-as-usual approach.
Do get in touch with us if you need any further guidance and assistance in these very unusual and unsettling times.