The National Cyber Security Centre has issued guidelines on how to work from home securely.
The guidelines explain how to secure a home office from cyber-threats, including:
- How to avoid email phishing (including vishing) and how to protect your business email
- Using your home wifi securely
- Maintaining strong password practices
- Using work devices at home
- Using personal devices for work purposes
- Securing virtual/remote meetings.
Communications minister Richard Bruton (pictured) said now more than ever, people are relying on technology to stay connected. "This exposes you to risks which may be unfamiliar. This advise explains the risks of hacking and fraud and how you can protect yourself against them,” the minister added.
The view from the NCSC is that the speed and scale at which cyber-criminals and state actors have adapted their operations to exploit the general public’s anxiety and vulnerabilities created by the response to the Covid-19 pandemic has created a considerable amount of concern in the cyber-security community.
The NCSC advises: “These adaptations include reusing existing infrastructure with Covid-19-themed lures and texts; creating additional infrastructure to mimic Covid-19 related organisations; targeting organisations’ staff that are working from home; targeting healthcare services that are under stress responding to Covid-19; exploiting weaknesses introduced into business processes via their response to Covid-19; and creating malware with Covid-19 themes.
“The key threats to organisations during the response to Covid-19 stem from the phishing, social engineering, and remote access channels. These are not new threats, but with large numbers of staff working from home, there may be additional vulnerabilities where existing IT security services do not extend to remote devices, and where remote working was implemented under time pressure.”
Cyber-security firm Cofense has reported, for example, that though there hasn’t been an increase in the volume of email getting past defences, 80% of those that do have changed to Covid-19 lures.
The NCSC also stresses the importance of upgrading the security of home routers/modems, which are often left with a default password and network name (SSID). It recommends changing your existing password and ensuring the new pass word is very strong, by using a password generator rather than making one up, and changing the SSID name on your device.
The agency says this is extremely important, as if there is unauthorised access a remote access Trojan can be planted on the device either to extract valuable data or, worse, compromise the organisation’s system integrity.
It also advises disabling WPS (wifi protected setup) on a router, a feature with vulnerabilities but which is still often included as default on many devices.
The full guidance from the NCSC can be found here.