And remote working heightens these threats by increasing the number of opportunities a cybercriminal has to get into your systems.
Remote working is any access to your systems from anywhere other than your physical premises. For example, your employees might need a connected tablet to confirm deliveries, or might work from home twice a week to catch up on invoicing. Both count as remote working.
It is more difficult to secure devices outside of a set network. You must make sure that trusted devices can connect to and use the system, and that only those trusted devices are allowed in. And with more devices on the network, you increase the number of systems that you need to monitor to ensure that every critical security update is applied.
Staff need to be more aware of the tricks criminals use to gain access to their systems. If these devices are also being used by family members, those family members could download infected games without realising.
1. Have a clear policy around remote working and make sure that staff know and understand it. Consider creating a draft and seeking employees' views about it. They might pick up things that you have missed, and by being included in the discussion they are more likely to understand and comply in the future.
2. Train your staff. It’s all very well telling your staff not to fall for phishing attempts, but unless you give them the tools and knowledge to protect themselves and your company, it is unlikely to have an impact. And it’s not just about the phishing emails. Include awareness around physical security of devices. If a new “driver” appeared with a van and fluorescent jacket, would he be allowed a tablet, or is there a system of checking access? The NCSC has free online training, or if you would like a bespoke package, speak to us about our affordable services. We work with local University students, trained by senior ethical hackers, to deliver a quality, engaging session.
3. Enable Two Factor Authentication (2FA) wherever you can, but especially on emails and remote access systems. Weak passwords are an easy target for cyber criminals, and 2FA stops them from buying username/password combinations from the darknet and just logging in.
4. Have internal logging so you know what normal looks like for your users and can be aware of any odd activity. If you haven’t got anything currently, consider using the National Cyber Security Centre’s Logging Made Easy (LME). LME is an open-source project, hosted on the NCSC's GitHub page. It provides a practical way to set up basic end-to-end Windows monitoring of your IT estate.
5. Join the ECRC for free. The ECRC has been set up by policing to help businesses build their cyber resilience. Free membership gives businesses support, guidance, and information about the latest threats, as well as practical steps to implement. We also provide affordable cyber resilience services so you can test your systems. And we are part of a network of CRCs, so wherever you are in the UK, you can access free support.
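One way to apply step 4, shown as an added example that is not part of the original article or of LME: learn each user's usual devices and login hours from past records, then flag logins that depart from that baseline. The record format, user and device names, and both thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (timestamp, user, device, result); not real data.
HISTORY = [
    ("2024-03-04T08:55:00", "asha", "LAPTOP-017", "success"),
    ("2024-03-06T17:20:00", "asha", "LAPTOP-017", "success"),
    ("2024-03-04T07:30:00", "ben", "TABLET-03", "success"),
    ("2024-03-05T12:05:00", "ben", "TABLET-03", "success"),
]
TODAY = [
    ("2024-03-11T09:02:00", "asha", "LAPTOP-017", "success"),
    ("2024-03-11T03:14:00", "asha", "DESKTOP-HOME", "success"),
    ("2024-03-11T12:40:00", "ben", "TABLET-03", "failure"),
    ("2024-03-11T12:41:00", "ben", "TABLET-03", "failure"),
    ("2024-03-11T12:42:00", "ben", "TABLET-03", "failure"),
    ("2024-03-11T12:43:00", "ben", "TABLET-03", "success"),
]

def build_baseline(events):
    """Record each user's usual devices and login hours from successful logins."""
    baseline = defaultdict(lambda: {"devices": set(), "hours": set()})
    for ts, user, device, result in events:
        if result == "success":
            baseline[user]["devices"].add(device)
            baseline[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(baseline)

def hour_gap(a, b):  # distance on a 24-hour clock, so 23 and 0 are 1 apart
    return min(abs(a - b), 24 - abs(a - b))

def flag_odd_activity(baseline, events, hour_slack=1, fail_threshold=3):
    """Return (timestamp, user, reason) for each event that departs from normal."""
    alerts, failures = [], defaultdict(int)
    for ts, user, device, result in events:
        if result == "failure":
            failures[user] += 1
            if failures[user] == fail_threshold:
                alerts.append((ts, user, "repeated failed logins"))
            continue
        failures[user] = 0  # a success resets the consecutive-failure count
        # A user with no history has an empty profile, so both checks fire.
        profile = baseline.get(user, {"devices": (), "hours": ()})
        if device not in profile["devices"]:
            alerts.append((ts, user, "unrecognised device"))
        hour = datetime.fromisoformat(ts).hour
        if all(hour_gap(hour, h) > hour_slack for h in profile["hours"]):
            alerts.append((ts, user, "unusual login hour"))
    return alerts
```

Calling `flag_odd_activity(build_baseline(HISTORY), TODAY)` returns the three departures in the sample data; the 09:02 login and the final successful tablet login match the baseline and raise nothing.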