Here at CRIBB Cyber Security, part of theICEway ecosystem of companies, we have worked with IT teams from healthcare, travel, retail and the cruise industry for years to deliver results. During this difficult time for the world, we have pledged to work together to keep both our staff and our clients safe, recently switching to a complete remote working set-up. Today we look at how you might achieve the same, with some handy hints from our cyber security experts to keep in mind…
The Coronavirus pandemic has thus far had a huge impact on the globe, and unfortunately it seems as though the next few months will continue to be a struggle. Causing unprecedented mass disruption, COVID-19 and its various after-effects are things that we are all battling against together, and within that spirit of togetherness hopefully lies the key to us all pulling through.
Our teams at theICEway have always embraced this philosophy and are doing so ever-more wholeheartedly now, with a remote working policy in place for our offices in the UK, Europe, Australia and the US. This provides just one example of the effort we are collectively making to beat this virus.
By staying away from crowds and public gatherings, we are all trying to stay healthy and safe, and are encouraging everybody else to do the same – remember, you might not consider yourself to be ‘at risk’ but the other people around you may fall into that category.
Staying at home rather than going into the office is something that we all daydream about at one time or another, but now that it has become a necessity, it doesn’t feel quite so idyllic – does it? There are only so many exercise routines to get into before you yearn for an alternative source of stimulus. At least, that’s how we feel…
Working from home is looked upon differently depending upon your situation and point of view, but at this moment in time it is the reality for many of us. Therefore, a key question must be: How can you work efficiently whilst working remotely? And a key cyber-security question must be: How can you work securely whilst working remotely?
Our resident cyber security guru, Patrick Carolan, attempted to answer at least one of these questions and more…
Patrick, last week theICEway implemented a full remote working policy in order to protect the well-being of both our staff and others. From a cyber security perspective, how can you ensure a safe and secure environment?
Fortunately, theICEway ecosystem of companies is made up of tech companies that already have the infrastructure and policy needed for remote working in place. Add to that the fact that staff were encouraged to take whatever equipment was needed to be able to work as normal as possible, and we were in a very strong position to cope when it became clear that remote working was going to be required.
For those companies not in that position, they should start off by considering the key points: –
• What is the status of their infrastructure RE: Remote working – do they need to acquire extra PCs or laptops that are suitable and secure enough to give to staff?
• Do they have a remote working policy in place? Does it need to be updated? Do they have the appropriate knowledge or a qualified person to do that? If not, or if they do not have such a policy in the first place, are they in a position to get one drafted up and then communicated to all relevant staff?
A communication plan / strategy would probably need to be in place for that and indeed for then keeping in contact with all relevant staff, correct?
Absolutely, along with a timetable showing who should be working remotely and when. Planning is vital with this, as it is with all projects really; you must not activate a remote working effort without having a robust plan. That plan should address all of the logistics from both a human and a machine perspective, which means that all participating staff know what they are doing, and they know what security measures to follow.
Can you give us any examples of the security measures they should be following?
Any member of staff using company devices outside of the workplace will be exposing them to greater risk, and so these devices need to be protected against these risks. It is the responsibility of the company to make sure that the devices have full-disk encryption, and then the employee needs to make sure they log out when not using them. They should also never leave any device unattended or on public display, and there also needs to be a strong password policy in place that staff are aware of and follow because a lot of passwords need to be updated on a regular basis.
Assuming that there will be many people asked to work from home who have never done so before, are there any tips you can give companies on how best to tackle this?
It’s an interesting point, companies should definitely think about asking those people to conduct an audit of their home environment. They would need to check for vulnerabilities before connecting work devices up; for example, do they have the latest firmware or software on their own devices? Do they have strong enough passwords on them? There are lots of IoT considerations to keep in mind, plus companies could also consider implementing the use of a connected home monitoring app. I’d certainly suggest that measure for those companies dealing with large scale data processing, or sensitive data. These should also initially establish whether or not a member of staff needs access to the internal network or simply access to cloud-based services and emails. Another question to keep in mind would be: Does this person need the same level of access to sensitive data remotely as they do in the workplace?
There are a great many considerations to go over on this topic, but hopefully the above transcript provides a good basis to start from if remote working is all new to you. Of course, even if it is something that you embraced long ago, it is well worth revisiting to ensure that your efforts are up-to-date and fully compliant…
Glossary
theICEway ecosystem of companies – a collection of brands providing IT solutions and working together with your IT team to deliver
Full-disk encryption – This ensures that company data is not accessible even if a device falls into the wrong hands
IoT – Internet of Things
Connected home monitoring app – An app that is used to manage all of your connected, household devices by allowing you to set rules based upon sensor readings and previous interactions. Examples include Olisto and Yonomi.
Top Tip
If you are moving more of your workforce into remote working and require advice, CRIBB Cyber Security and theICEway can help so contact our experts today.