Working from home, so are the hackers.
This article continues our series looking at “working from home”.
Many people have taken advantage of the government’s advice for those who are able to work from home. You get to sleep in and avoid the daily commute, but it is also a point in time when people can get lax about data security. The number of cyber-attacks has increased during the coronavirus outbreak, taking advantage of the current disruption to create maximum havoc. Maybe it’s because hackers are already self-isolated as a profession anyway.
When working from home you are distanced from the normal disciplines of office life, so everyone feels “off guard” in their own private residence. Yet data is being processed “off-site”, so a certain standard of due diligence must be maintained.
Not all broadband packages are the same.
The thing to keep in mind is that home and business broadband packages are different. The reason that the price varies is that the provider has tailored options for a particular purpose. If you get hacked at home, you might miss out on a Netflix show. If work data gets compromised, then that could mean the end of the business (fines, loss of customer loyalty and reputational damage alone). Therefore the software security applied to home packages is less stringent. That means when working from home you should be extra vigilant for suspicious emails, dodgy websites (man-in-the-middle attacks) and performance issues (Trojans or other viruses, this time of the software variety). You should have received training on all of this as part of your company’s compliance with GDPR, but that was very rarely implemented. If unsure, keep in contact with your IT department.
Securing your data when working from home.
The other thing is that working from home might make you feel secure, but that doesn’t mean your data is. If a member of your family or a visitor sees sensitive personal data on your computer screen, that is considered to be a breach and should be reported. This is not as outlandish as it seems, as a client of mine suffered a ransomware attack from a manager’s laptop through a remote desktop connection. Although the manager would not have had the expertise to carry out such a task, someone who had access to that laptop did.
Remote working procedures and training.
Your organisation should have a documented procedure in place, preferably a “Working from home” policy. When someone enters the room, press the Windows key and “L” on the keyboard to lock the screen or, if you use a laptop, close the lid. Apply a “privacy screen”, which manipulates light so only the person directly in front can read the details. All of this should be understood and agreed upon prior to anyone working from home. If management has not provided appropriate procedures and subsequent training, then they will be held liable.
Again, avoid saving data on the C drive. Your place can still get burgled and a laptop is easy to carry. If no data is held on the C drive, then even if they do crack the password there will be nothing there. IT will then have enough time to remove any credentials they could use to try and log into the server, SharePoint or any other cloud solution. Most remote access solutions these days have a time-out function anyway, so if you don’t save the password in the keychain then that prevents immediate access.
Working from home, a joint venture.
With the sudden rush to keep everybody working during this curfew, not a lot of thought or training has gone into preparing the workforce for such a change of lifestyle, let alone other security concerns. No doubt cyber criminals will take advantage during these upheavals, so it is up to management and staff to do some catch-up work in order to keep their information safe.
About the Author.
Malcolm Ford has over 10 years’ experience working with ERP databases and has advised companies on their information security concerns. He works remotely most of the time and has developed methods to keep data away from prying eyes.