1. What cyber security risks do you face when working from home?
Unauthorised Device Access - Even when working from home, your device must be locked whenever you leave it. Even though it may “only be family” that can see your screen, it is still a Cyber Risk.
Sensitive Data Exposure - This applies to electronic devices, and physical paper documents/notes. Even family members should not be allowed to see Sensitive Data, and this would be a breach of GDPR. The best practice is to implement a Secure Storage Cabinet where all work items (devices, documents, notebooks etc.) can be kept.
Using the correct device - BYOD (Bring Your Own Device) is a common strategy amongst SMEs and WFH culture. However, if it is implemented, it is important to ensure that work data and personal data are kept completely separate - if an Attacker gets your device, they may be able to gain further access to all the company information if it is not secure. The best practice is to use separate work and personal accounts and ensure strong and unique passwords are used in combination with Multi-Factor Authentication.
2. How can I ensure my home router is secure?
The best way to ensure your router is secure is to change the default password that is supplied by your Internet Service Provider. When changing the password, it is important to follow NCSC Guidance of combining 3 random words, letters, numbers and special characters, with a minimum length of 15.
For more detailed information, read the NCSC guidance here.
3. Why do I need backups? How often should I be backing up my files?
There is no “one size fits all” approach for backups. The schedule will depend on business needs - some may require backups every 12 hours, but for others, it may be acceptable to back up every 24 hours. The most important aspect, however, is to make sure any Backups are stored separately from your business's network - either in the cloud or on a completely separate hard drive that is not network-connected.
Backups are one of the most effective defences against Malware Attacks because if you are the victim of one, and your data is encrypted by an Attacker, you can effectively “ignore” the attack by reverting to your Backed Up data and restoring business continuity from there.
4. Do I need to use the cloud for my backups?
No, you do not need to use the Cloud. Depending on business size and requirements, an acceptable solution may be to manually back up your business data to a physical storage device such as a hard drive. But this hard drive must be completely disconnected from the business network when not in use.
5. What are the benefits of a Remote Working policy?
With more staff working remotely, many businesses in the UK have made cost-savings through reduced reliance on large offices and reduced staff turnover. Staff can often find increased motivation in a role which has introduced flexible hours and then be more comfortable staying in a job and progressing.
Giving employees access to a hybrid working environment will give them the option to work comfortably from their home office. This may be especially useful when offering remote work on a flexible basis for employees with childcare needs, medical appointments or when having work done at home.
Spending long periods travelling to work each day can be a strain for all of us, especially with train strikes and cold, wet weather during the autumn and winter months. Remote workers can often feel more motivated and organised when working without a commute, with many workers using their commute time to walk and exercise before and after work.
Did you know? Members of the Cyber Resilience Centre get access to several Cyber Security Policy and Procedures Templates to help you put the right measures in place to ensure your business has clear security strategies and can respond efficiently if an incident occurs. Learn more about our Membership options for your business.
6. What key things should be covered in a Remote Working policy for a business?
Explain why you’ve created the policy and which members/teams it applies to. For example, you may want to clarify whether the remote worker policy is in effect only temporarily or if your business has decided to offer all staff flexible working contracts. Specify whether your contractors, part-time employees, interns and new hires are covered by this policy, or if it only applies to existing full-time employees who have been with your company for at least six months.
Outline who is working from home and when. For instance, your remote work policy may state that people in client-facing roles can only work from home three days per week. You can also create other criteria, such as allowing those who have passed their probation to work remotely.
If your business is entirely remote, there may be some eligibility criteria you’ll want to include; will employees need to live within a certain distance or can they move anywhere in the UK?
Some roles aren’t suited for remote work: employees who need certain equipment that can’t be replicated at home, who access documents available only in the office, or who regularly interact in person with clients. If there are broad categories of positions that are not eligible for remote work, remember to list them in your policy.
Read the full list of FAQs on Remote Working here.