In reaction to the COVID-19 outbreak, many companies are taking government advice and asking employees to work from home where possible to help slow the spread of the virus. This is an excellent plan, but it does mean that the home office security then comes into focus for the would-be eavesdropper or information thief. In QCC’s experience homes and the offices they contain are often not protected by adequate protective security controls equivalent to those in place in corporate offices.

As always, attackers are ever keen to exploit any glimmer of vulnerability and the COVID-19 pandemic is no exception, indeed it is just another opportunity to an attacker. We know this to be true as the FBI have just reported a spike in COVID-19 related phishing attacks in recent weeks.

As ever QCC is immediately on to this new threat. Here are some of the things which should be checked or considered regarding security when home working:

  • Physical Security:
    • Is sensitive information stored or processed at this site?                               If YES
    • Has a physical / information security risk assessment been conducted?
    • Are there adequate controls in place to protect the site and information it contains?
    • Have identified vulnerabilities been remediated?
  • Cyber Security:
    • Is sensitive information digitally stored or processed at this site?                If YES
    • Has a cyber security risk assessment been conducted?
    • Are employee’s devices and systems secure?
    • Have identified vulnerabilities been remediated?
  • Eavesdropping:
    • Do sensitive calls and conversations take place at this site?                          If YES
    • Has the home office had a recent professional TSCM inspection?
    • Is the home clear of eavesdropping and are communications systems secure?
    • Have identified vulnerabilities been remediated?
  • Education:
    • Is the home worker dealing with sensitive information?                                 If YES
    • Has the home workers knowledge of secure remote working been assessed?
    • Have identified gaps in their working securely knowledge been plugged?
    • Give the home worker remote working securely update training?

The above list covers the main high-level actions to ensure homeworking is kept secure.

If you need help with any of the above points please contact QCC and we will be honoured to assist.

Stay safe!