Cybersecurity: Minimising Risks While Working at Home
Social distancing measures announced around the world in response to the spread of Covid-19 have led millions of people to work remotely – some for the first time. As businesses get used to their teams working from outside the office, they must be wary of the cybersecurity risks that such a setup can create. Below we outline the challenge and the solutions to minimise the vulnerabilities of working online from home.
Covid-19 measures have caught companies off guard: many had not prepared or tested for remote working (remote working policies, security training and testing of infrastructure, etc.). Remote working creates an opportunity for cybercriminals: national cyber security centres around the world have already reported an increase in phishing emails, with infected attachments falsely claiming to deliver ‘Covid-19 safety measures’ to the reader. Some of these phishing campaigns could end in reportable data breaches, and cybercriminals will take advantage of insecure remote access and the security vulnerabilities it creates.
If remote working solutions have been rapidly implemented in your organisation, here are seven ways to minimise cybersecurity risks:
- Policy – Refresh and communicate the acceptable use policy for information systems, which informs staff on how to handle and protect sensitive personal and business information.
- Passwords – Ensure that staff passwords are strong and have been recently changed. Use multi-factor authentication.
- Phishing – Conduct phishing simulations with staff to help them avoid falling prey to Covid-19-related attacks.
- Awareness – Issue regular communications to staff to raise awareness of the types of cyber risk so that they are clear on the steps they can take.
- Testing – Conduct vulnerability scanning and penetration testing on critical systems, networks or web applications to find security gaps that an attacker could exploit.
- Device Security – Ensure personal and company data can only be accessed by secure devices. Meanwhile, restrict the ability to copy client data to personal devices and ensure remote workers are using a secure wireless connection.
- Email Security – Monitor the use of personal email addresses for work purposes. Where possible, restrict the use of auto-forwarding technology to prevent company data being sent to personal email addresses.
Even in times of uncertainty, organisations need to take charge of these critical cybersecurity risks and build resilience to protect against, respond to, and recover from cyber-attacks. Mazars supports public and private sector organisations of all sizes in their cybersecurity technical and organisational controls, and we can typically carry out these activities remotely.
Mazars consulting is a specialist unit within the Mazars group with expertise spanning a wide range of areas. We operate globally and thus have close links with our international counterparts, frequently liaising with them on assignments.
Cyber Behaviour and Culture
Most reportable data breaches are a result of human error. By focusing on understanding online human behaviour and an organisation's culture, Mazars can help you to design engaging and practical cyber policies, deliver education and implement effective work practices that reduce cyber risk.
Privacy & GDPR Services
GDPR came into force on 25th May 2018. Mazars has supported many organisations in attaining GDPR compliance. We will continue to provide support to our clients in refining and maintaining compliance as the regulatory and legal environment matures.
Information is one of the most important assets in any organisation. Technology is the key tool employed in the management, utilisation and dissemination of this asset, but its use is not always optimised.
Robotics Process Automation
Robotic Process Automation (RPA) is a form of business process automation technology which utilises software robots to complete manual and repetitive tasks by mimicking employee actions on a virtual or interactive workstation.