One of the key measures to reduce the spread of Covid-19 is social distancing, which for many organisations means encouraging – or instructing– staff to work from home.
But moving at short notice from a trusted office environment to working remotely can create security risks. On top of this, nasty opportunist crooks are already using the coronavirus as subject matter for their phishing scams, hoping that the unwary will click through and hand over passwords or other data.
With the rapid increase in remote working in mind, European cybersecurity agency ENISA has set out a series of recommendation
ENISA’s other security advice for home working for employees also includes:
- Ensure your Wi-Fi connection is secure. While most Wi-Fi is correctly secured, some older installations might not be, which means people in the near vicinity can snoop your traffic.
- Ensure anti-virus is in place and fully updated.
- Check all security software is up to date: Privacy tools, add-ons for browsers and other patches need to be checked regularly.
- Have a back-up strategy and remember to do it: All important files should be backed up regularly. In a worst case scenario, staff could fall foul of ransomware for instance. Then all is lost without a backup.
- Lock your screen if you work in a shared space: ENISA said workers should really avoid co-working or shared spaces at this moment and that social distancing is extremely important to slow down the spread of the virus.
- Make sure you are using a secure connection to your work environment.
- Check if you have encryption tools installed.
ENISA said employers should:
- Provide initial and then regular feedback to staff on how to react in case of problems. That means info on who to call, hours of service and emergency procedures.
- Give suitable priority to the support of remote access solutions. Employers should provide at least authentication and secure session capabilities (essentially encryption).
- Provide virtual solutions. For example, the use of electronic signatures and virtual approval workflows to ensure continuous functionality.
- Ensure adequate support in case of problems. This may require setting up special rotas for staff.
- Define a clear procedure to follow in case of a security incident.
- Consider restricting access to sensitive systems where it makes sense.