Welcome to this week’s guest blogger, one of our lovely business associates, Chris Roberts!
He is an IT and security expert at Cybata, specialising in compliance with the European General Data Protection Regulation (GDPR), protection against cyber crime and various other potential security breaches.
Visit his LinkedIn
We’ve all had to react fast to the COVID-19 threat. A significant change has been the move to more homeworking. Homeworking, if not implemented well, can introduce new risks that need to be understood.
Practical security steps for commercial organisations.
1. Add a second level of security for your critical applications. Ensure Two Factor Authentication (2FA) is enabled on all your important/critical applications. This is a simple and hugely effective measure. This link https://twofactorauth.org shows common applications that support 2FA. Sector-specific online applications will generally give an option on their settings pages to enable 2FA or MFA (Multifactor Authentication) if they support it.
2. Ensure your passwords are updated. In line with the National Cyber Security Centre (NCSC) recommendations, ensure you use strong passwords – three random words is your strongest password.
3. Be even more paranoid about phishing and other scams. If something looks suspicious, don’t click or act on it, and report it internally and to your outsourced IT supplier if you have one. Email scams related to COVID-19 are already on the rise.
4. Secure your home router. It is essential to ensure your home Wi-Fi router has a strong password and is up to date. So many of us forget this simple action and it’s really easy to do!
5. Use VPN technology to connect to your organisation’s IT systems. Securing remote access to internal systems and online services is typically achieved by using a Virtual Private Network (VPN). In the case of coronavirus, many people have turned to VPNs for help. See VPN explanation below.
6. Disconnect from the company’s VPN when not in use. Leaving your connections open can increase the likelihood that, if you’re breached, the breach extends past your machine and into your own network.
7. Don’t use your personal laptop or desktop. Don’t fall prey to the habit of using your personal machine for work. It’s inherently less secure than your work machine, and your own machine will have all manner of non-work applications installed that could be used to access your organisation.
8. Don’t share your online meeting IDs or meeting URLs on social media. Online meetings are increasingly productive tools that allow people to work from anywhere, not just the office. But they come with a caveat: Sharing the meeting ID or URL can allow people to drop in and listen to sensitive conversations, record your voice or video, and infiltrate your new virtual workplace.
9. Where you have an outsourced IT supplier, you should be challenging them to identify any weaknesses in your IT system. With this information you can make good management decisions.
If you have any additional questions or worries, we can help connect you with Chris by contacting us