Cyber Security Awareness
Posted on: 9th June, 2020
As so many of us are now working from home, where security protocols may not be so rigidly enforced as in an office, there are many steps that we should be taking to protect ourselves and sensitive data, whether that is personal data or belonging to an employer.
It is quite likely that many more employees will be asked to work from home much more often in future; so how can this be done as securely as possible?
- Keep your company data in one central point, such as in the Cloud, using Microsoft OneDrive, Google Drive, etc; or on the company Server back in the office.
This allows you the opportunity to easily back up the data, as well as enabling all staff to see the latest data, with any changes made by another member of staff synced to the central storage
If you are using the Server in your office this should be protected by a “VPN” (Virtual Private Network), only allowing access to authorised personnel with the correct credentials.
If using a Cloud Service then “2 Factor Authentication” should be mandatory for all staff.
- Backup your data!
Backing up the data that your business relies on is blindingly obvious – and yet so often ignored. The backups should be as regular as possible – at least daily, if not more often – and the system should be tested. It is one thing to know that you are backing up your data, but how do you know that you can restore it when absolutely necessary?
Backups should be kept separate from the actual data, preferably offline or off-site. Ransomware attacks, where the company data is encrypted by a virus and a ransom is demanded for the decryption key, will also attempt to encrypt hard drives attached to the infected computer. Offline, or Cloud-based, backups are safe from such attacks.
- Enforce security policies.
Although an employee may be using their own, home computer, the company still has a duty to protect any sensitive data, especially in regard to GDPR. Enforcing the same security policies as would be used in the office may be more difficult to police, but remains just as important.
If necessary, employers should be providing company computers for use by employees at home, along with written policies on how such equipment must be cared for.
For instance, having policies for regular software patches and updates; having the correct anti-virus protection installed; training staff how to spot “phishing” emails; ensuring that the default password on the home router is changed, etc.
- Staff Training.
The company workforce may now be spread across the county, all working from their own homes and remote from each other, which makes it harder to get everyone together for training.
This is far from impossible though, and with the help of Video Conferencing, it is quite feasible to provide staff training to your workforce over the internet.
- Seek security advice.
There are some very good datasheets produced by the National Cyber Security Centre, such as their Small Business Guide to Cyber Security: https://www.ncsc.gov.uk/collection/small-business-guide
Northumbria Police can carry out a free “Cyber Security Vulnerability Assessment” for local businesses. See https://victimsfirstnorthumbria.org.uk/wp-content/uploads/2018/01/1798_Vulnerability-Assessment-cyber-crime-a5-leaflet-2.pdf
And, Northumberland-based businesses can ask us for an IT System Audit of existing infrastructure. This is a free service, whether you have 1 or 100 computers, and you will receive a written report detailing your existing systems with costed recommendations for any potential improvements.