Information Security & Working From Home

Lock for protecting privacyCyber criminals are constantly active looking for weaknesses and vulnerabilities to exploit in systems and security controls. But during the current Covid-19 pandemic there has been an increase in the number of scams and attacks aimed at using the crisis.

These attacks are either exploiting the coronavirus directly (i.e. emails relating to HMRC payouts) or exploiting the millions of businesses that have been forced to alter their working patterns (i.e working from home).

The NCSC (National Cyber Security Centre) have recently reported that they have detected more UK Government branded scams relating to coronavirus than any other subject. The FCA have published statements on their website regarding information security and the coronavirus.

“The exceptional circumstances introduced by coronavirus have required firms to change their ways of working at pace and have altered the threat landscape faced by many financial services organisations. As more organisations enable their employees to work from home, online systems are becoming increasingly mission critical and cyber criminals are exploiting the situation for their own gain.”

Home Working Guidance

During these unprecedented times, information security and having a robust business continuity plan in place are essential, which includes developing controls and measures for alternative ways of working and prioritising information security controls to make sure they are effective and adequate.
The NSCS have published guidance on home working and whilst some business may slowly be returning to work, it is expected that many individuals will continue to work from home for months to come.
Home Working Guidance

If you are reviewing your existing Information Security Policies or are looking to implement a robust and structured program, take a look at our Information Security Toolkit which contains a large number of policies and templates to help firms with some of the areas covered in certifications such as Cyber Essentials and ISO 27001.

Covering areas such as business continuity, firewalls, malware and anti-virus protections, asset management, remote working, bring your own device (BYOD), general information security and much more.