The disruption caused by the Covid-19 crisis has forced businesses to change how they operate; non-essentials workers are now working remotely and physical events have become virtual.
In this new mass remote and online environment, what can businesses do to protect themselves and their workforce from cyber security threats?
To find out, Information Age spoke to a spokesperson from the National Cyber Security Centre (NCSC).
1. What is the NCSC’s main advice to small, medium and large organisations for protecting their organisations during this period of disruption caused by the coronavirus?
For organisations of all sizes this period presents a cyber security challenge, and this is particularly the case for those moving towards home working arrangements for the first time, or significantly increasing home working.
The NCSC recently published new guidance for organisations with staff working from home, which includes everything from preparing for home working to helping staff look after devices.
Smaller businesses may also wish to familiarise themselves with the NCSC’s Small Business Guide, which sets out five steps to take to bolster their cyber security, and SMEs should encourage staff to try the NCSC’s e-learning package while working from home.
As well as taking steps to protect themselves from becoming a victim it is important for businesses to plan how they would react if they did have an incident. The NCSC’s Small Business Guide: Response & Recovery helps small businesses prepare their response and plan their recovery.
Home workers must be careful to spot phishing scams — especially those using coronavirus at the moment to seem legitimate. In the event that someone does fall victim, they should as quickly as possible report it to their IT department when the incident is work-related or Action Fraud when it is personal. The NCSC’s guidance on suspicious emails provides more tips on this.
Will an increase in remote working lead to more cyber attacks?
2. What do small, medium and large organisations need to do to ensure their remote workforce is secure?
Our new home working guidance includes advice on having strong passwords on staff accounts with two-factor authentication, using VPN to allow secure remote access to IT resources, and keeping software up to date. If users are being asked to use their own devices, we’re pointing to our bring-your-own-device guidance.
3. What is the NCSC’s advice to leadership when it comes to security?
Whilst working from home will not be new to many organisations and employees, the coronavirus outbreak is forcing organisations to consider home working on a greater scale, and for a longer period of time. Our advice to leadership is to work closely with their technical teams, familiarise themselves with our security guidance and use it to support employees.
For larger organisations, we would encourage them to become familiar with the NCSC’s Board Toolkit, which is designed to encourage essential cyber security discussions between the Board and their technical experts.