ISO 27001 TOP TIPS

Homeworking Security

Digital technology and the ability to work from home have been a saviour for business, but they have also provided a big opportunity for cyber-criminals. As an ISO 27001 certified agency supporting 1000s of users on multiple platforms across 50+ countries, we take cyber threats seriously and are keen to help protect our clients. The tips below are a new quarterly initiative.


Covid-19 poses an extra threat

Within months of the pandemic hitting last year, phishing attacks were up 600%. According to InfoSecurity Group:

"As is usually the case, the attacks used widespread awareness of the subject to trick users into handing over their log-ins and financial information, and/or unwittingly downloading malware to their computers. Of the COVID-19 phishing attacks, 54% were classified as scams, 34% as brand impersonation attacks, 11% blackmail, and 1% as business email compromise".

 

McAfee’s global network of more than a billion tracking sensors registered a 605% increase in threat detections in the middle of last year. You can keep track of the latest threat levels with McAfee's COVID-19 Threats Dashboard.

 

Be cybersecurity safe at home with these measures

1. Handle data with care

When working at home, it's easy to get lax with the data you're handling. Even though you're not physically at work, it's still your individual responsibility to ensure that data, information, and assets belonging to your organisation (and your customers') are not revealed to or used by unauthorised persons.

 

2. Hands off family

If you're using a company-owned laptop, tablet, or smartphone device, it should only be used by you and in accordance with your organisation's acceptable use policy or contractual agreement. Check with your IT team for your corporate rules.

 

3. Always lock up

It might sound crazy in the privacy of your own home, but (just like in the office) you should lock your computer every time you walk away from it. Most devices have an auto-lock setting option. Your company may have pre-set yours. You should also keep your computer in a secure place when not in use.

 

4. Coffee house rules

If you're lucky enough to sneak off to a coffee house to work, be sure others can't see the information displayed on your screen and be discreet if you're doing work calls; you don't want strangers overhearing sensitive conversations.

 

5. Password reminders

It's said the average person has to remember up to 35 unique logins. No wonder nearly 40% of us forget a password at least once a week. HOWEVER, scribbling password reminders on post-its and leaving them on fridges, kitchen tables and work areas is a big no-no. Your login credentials (username, password, PIN, etc.) must NOT be accessible to anyone else. Use password management tools.

 

7. Don't email passwords

Much as it's tempting to help work colleagues out when they forget their login details, do not under any circumstances email usernames and passwords. Emails are often sent in “clear” or “plain” text, which means the content of the email is unencrypted. If the email is intercepted, it’s trivial to extract your password from it. Your email is also often stored in several systems or servers on its way to you: it will be saved in the sent folder of the account it comes from, on your own email server, and possibly on any other systems or servers it passes through. If any one of those systems is compromised, it can reveal your password to hackers. Your email is also often stored locally on your laptop or workstation in plain text. If that were to get into the wrong hands, criminals would have access to your passwords. Even deleting emails doesn’t necessarily mean they are gone forever.

 

 


 

We can arrange cyber-security training for your team.

If you're interested, we can also help organise cyber-security training for your team to help increase awareness and protect against attacks. Training is provided via our ISO 27001 consultancy partners. Call us on 020 7099 6370 or get in touch.