Maintaining cyber security while working from home
During this challenging time, you may be contemplating altering your existing security policies, with the aim of making access easier for your users. For example, you might be thinking about lengthening the time between any mandatory password changes.
Whilst we understand the appeal of trying to make people’s lives easier while they work from home, we would urge organisations to fully evaluate the risks before making any decision to reduce the levels of security that are engaged.
Indeed, based on the risks which we have identified, we fundamentally do not recommend taking any action which weakens security settings within current infrastructures.
What are the risks?
Phishing attacks can be used to install key-logging code onto a device, which would enable the attacker to capture usernames and passwords. Therefore, the risk of increasing the length of time between password changes enables attackers to use these account credentials so that they can access company data and possibly carry out cybercrimes against customers and suppliers.
Please be extra vigilant at this time
The National Cyber Security Centre (NCSC) is reporting that phishing attempts are currently on the increase. The NCSC is working hard to try to reduce the attacks that are using the topics of COVID-19 and Coronavirus advice in order to lure users to ‘click the link’. However, they recognise that cyber criminals are opportunistic and are therefore looking to exploit people’s fears.
Let’s try to be as safe as possible online
Our engineers will be happy to support any of our customers who are encountering issues with logging in from remote connections. Indeed, this is preferable to an alternative scenario which could see businesses suffer the devastating consequences of a cyber-attack.
NCSC advice is available here.
If you have any concerns about cyber security
Feel free to contact Lorraine Mills, Managing Director of Blue Rock Cyber Defence Ltd: lmills@bluerockcd.co.uk.