Cybersecurity: Minimising Risks While Working at Home

Social distancing measures announced around the world in response to the spread of Covid-19 have led millions of people to work remotely – some for the first time. As businesses get used to their teams working from outside the office, they must be wary of the cybersecurity risks that such a setup can create. Below we outline the challenge and the solutions to minimise the vulnerabilities of working online from home.

The challenge

Covid-19 measures have caught companies off guard: many had not prepared or tested for remote working (remote working policies, security training and testing of infrastructure, etc.). Remote working creates an opportunity for cybercriminals: national cyber security centres around the world have already reported an increase in phishing emails with infected attachments that falsely claim to deliver ‘Covid-19 safety measures’ to the reader. Some of these phishing campaigns could end in reportable data breaches, and cybercriminals will take advantage of insecure remote access and the security vulnerabilities it creates.

Seven solutions

If remote working solutions have been rapidly implemented in your organisation, here are seven ways to minimise cybersecurity risks:

  1. Policy – Refresh and communicate your acceptable use policy for information systems, which tells staff how to handle and protect sensitive personal and business information.
  2. Passwords – Ensure that staff passwords are strong and have been recently changed. Use multi-factor authentication.
  3. Phishing – Conduct phishing simulations with staff to help them avoid falling prey to Covid-19-related attacks.
  4. Awareness – Issue regular communications to staff to raise awareness of the types of cyber risk so that they are clear on the steps they can take.
  5. Testing – Conduct vulnerability scanning and penetration testing on critical systems, networks or web applications to find security gaps that an attacker could exploit.
  6. Device Security – Ensure personal and company data can only be accessed by secure devices. Restrict the ability to copy client data to personal devices, and ensure remote workers are using a secure wireless connection.
  7. Email Security – Monitor the use of personal email addresses for work purposes. Where possible, restrict the use of auto-forwarding technology to prevent company data being sent to personal email addresses.

Even in times of uncertainty, organisations need to take charge of these critical cybersecurity risks and build the resilience to protect against, respond to, and recover from cyber-attacks. Mazars supports public and private sector organisations of all sizes in their cybersecurity technical and organisational controls, and we can typically carry out these activities remotely.

Related services

Mazars Consulting Services

Consulting

Mazars Consulting is a specialist unit within the Mazars group with expertise spanning a wide range of areas. We operate globally and thus have close links with our international counterparts, frequently liaising with them on assignments.

Cyber Behaviour and Culture

Most reportable data breaches are a result of human error. By focusing on understanding online human behaviour and an organisation's culture, Mazars can help you to design engaging and practical cyber policies, deliver education and implement effective work practices that reduce cyber risk.

Privacy & GDPR Services

GDPR came into force on 25th May 2018. Mazars has supported many organisations in attaining GDPR compliance. We will continue to provide support to our clients in refining and maintaining compliance as the regulatory and legal environment matures.

IT Consulting

Information is one of the most important assets in any organisation. Technology is the key tool employed in the management, utilisation and dissemination of this asset, but its use is not always optimised.

Robotics Process Automation

Robotic Process Automation (RPA) is a form of business process automation technology which utilises software robots to complete manual and repetitive tasks by mimicking employee actions on a virtual or interactive workstation.