Cyber Security & Returning to the Workplace: Part Two
Posted By: Helen, Monday 21st June 2021
Tags: cyber essentials, cyber secure, Cyber Security, Teesside
Today we are following on from a previous post, Improve Cyber Security Upon Returning to the Workplace. Covering device hygiene practices including passwords, file transfers and even a little more on phishing, this is the perfect checklist for ensuring you and your team are covered.
With many companies continuing to make the transition back to the office, it’s imperative to consider your cyber security action plan. During the coronavirus outbreak there has been an 85% increase in phishing attacks targeting remote workers across a specific three-month period. Based upon this upsurge, logic suggests a similar pattern upon returning to the office.
Do you have a contingency plan?
We understand many businesses are absolutely desperate to get back to ‘normal’ and can’t reiterate enough the importance of doing so with extreme caution. In taking the points raised throughout this blog into consideration, your company is likely to experience a much smoother transition from home to office or hybrid split.
Device Hygiene is Crucial
Whilst members of your team have been working diligently from home, they may have used personal devices to complete certain tasks. Using different PCs and mobile devices means they are likely connected to company data in some way, thus posing potential risks.
- Share the importance of cyber security with your team and why it matters in relation to the below
- Ensure team members are fully logged out of all company systems across all personal devices
- Request deletion of any downloaded company data onto personal devices
- Request VPN software used to access company networks is also uninstalled on personal devices
Never to be overlooked is the importance of passwords and it certainly pays to highlight the dangers attached to using the same passwords for everything! Upon returning to work, employees could well have forgotten passwords due to lack of use. In addition, those created at home and on personal devices have a tendency to be simpler than in the office.
- Remind employees how important secure passwords are for device, systems and data protection
- Emphasize how exposed and insecure passwords have the potential to endanger your company
- Make sure your team understand they are required to choose strong passwords
- Reiterate the vulnerabilities of password sharing over text, email and when written down
- Investigate the use of account privileges as opposed to shared passwords where possible
At LaneSystems we highly recommend the use of password vaults such as LastPass. Keep all passwords under one roof whilst securely sharing with others.
File Transfer Hygiene
The transition of working from home to back in the office will undoubtedly include the transfer of files from home to work devices. This is another aspect requiring safety measures and should not be overlooked.
- Zip and encrypt
- Add files to an encrypted USB stick or hard drive for utmost security
- Advise employees not to email these to themselves
Phishing Training & Education
We’ve mentioned the dangers of phishing in numerous blog posts and whilst this may appear repetitive, such aggressive tactics by hackers require powerful discussion and much reiteration! As the number one cyber security risk to be aware of upon transitioning, it’s crucial your team is aware of exactly what to look out for. Prominent and regular cyber secure training is highly recommended.
- Add to company policy how passwords should never be sent over text or email
- Ensure regular, dedicated face to face (including online) training
- Share recommended Cyber Security sources with employees
- Educate staff on reacting to emails appearing urgent and how to action such correspondence
- Provide relevant training on email attachments and when these are ok to click
- Highlight the importance of never clicking on email links that aren’t expected
It’s sometimes easy to forget whilst remaining secure online that we must do the same offline too. Are you fully aware of exactly who everyone is within your building right now? At the very least, are all the people currently milling about authorised to be there? This particular element of security comes down, again, to communication, best practice, training and reminders.
- Ensure employees never lend keys or key cards to others, not even a colleague
- Upon entrance to a premises advise your team to keep an eye on anyone following them in
- Train staff to have keys stored safely, with key cards on their person at all times as opposed to left on desks
In making sure you have a solid, transitional, return to work plan in place, you’re staying on top of cyber security responsibly whilst giving employees and your business the best possible chance of returning to ‘normal’.