By Neil Gibb on March 23, 2020

9 physical cyber security tips for transitioning to remote working

Cyber Risk and Assurance, Industry Trends & Insights

Many companies find themselves closing their doors these days for an uncertain period of time. Social distancing and self-isolation are the right moves in the midst of what the world is dealing with, but just because businesses are taking these steps doesn’t mean that cybercriminals will respect them.

There’s a good chance that with no one in the office, hackers will see this time as an opportunity to steal information and data while no one is the wiser. Or, with everyone working from home, employees could forget that cyber security policies apply everywhere – including from the living room.

Integrity360’s physical cyber security expert Neil Gibb has a few tips to help organisations keep their records and servers safe from cybercriminals during the months ahead.

1. Have employees clear their desks and lock away valuable information

In many offices, the decision to work from home was made overnight. That might mean that employees who were working on projects have papers which contain sensitive financial or personal information lying around or kept in unlocked drawers.

With employees being encouraged to work from home, ensure desks are cleared before the lights are turned off for the last time. Passwords left in notebooks or on Post-Its and customer records stowed in clearly marked folders make easy pickings for a cybercriminal.

2. Lock internal doors as well as entranceways

Whether it’s in the digital or real world, all hackers are pretty much the same: their plan of attack is usually whatever’s easiest. Many have figured out that once they crack through the entrance of the building (or break a window to get in), they’re able to freely roam the office.

Businesses should lock internal doors wherever possible to deter some attackers or slow their progress through your organisation’s premises. This can buy time for security or authorities to respond, assuming there’s a security system in place.

3. Shut down non critical systems

It really doesn’t get much simpler than this: if it’s not switched on, it can’t be hacked.

Hackers will commonly use vulnerable targets as an entryway into the greater digital estate. By limiting how many potential backdoors there are into the network, companies can reduce the attack surface and ensure better security.

4. Lock away equipment

Not all cybercriminals are looking to do damage or steal information in the moment. Instead, they could be looking to set in motion a plan that offers them a greater windfall - and for your company, a much more serious data breach.

Workstations, USBs and external hard drives can be taken by an attacker to be used at a later date. These should be securely stowed away, with access limited to the personnel ordinarily responsible for them.

5. Restrict employee access

We never like to think the worst of people, especially in times like these. But it’s important to remain realistic about your cyber security strategy.

Disgruntled or untrustworthy employees may take advantage of the current situation by entering your organisation’s premises when no one is there in order to steal product blueprints or sensitive information. Take away keys of non-essential employees and if RFID access controls are in use, restrict access to allow only essential employees during this time.

It’s also important to remember that just because everyone is working from home, it doesn’t mean that rules don’t apply. Employees may overlook certain aspects of cyber security policies that they might adhere to otherwise.

6. Be mindful of your surroundings

As many companies are still fully operational during this time, there’s a chance that important meetings discussing sensitive information still take place as scheduled. It’s important that these are conducted in private, as they would be in the office.

Just because someone is a relative or a friend doesn’t mean they are privy to confidential information. Similarly, taking a call while on a walk to get fresh air or exercise may seem like a great idea, but be cautious about what is said when other people are around – or avoid it altogether.

7. Lock unattended workstations

The sad but unfortunate truth of cyber security (and crime in general) is that most crimes against people are committed by someone the victim knows.

Ensure workstations are locked when left unattended to significantly reduce the risk of sensitive information being accessed. It’s an especially good tip to follow if there are small children around the house – one minute you’re grabbing a cup of tea, the next minute little fingers are deleting the report you’ve just been working on.

8. Lock down workstation at the end of each day

If you can work from under the duvet of your bed, congratulations to you – you’re really benefiting from working from home. For most people, designating an area to work and stay focused is usually a great tip.

This tip can also be extended to cover hardware. Designate a safe place to shut down and lock away your workstation when the working day is done. A cupboard, drawer or even the attic can be used as a short-term solution and to keep the equipment out of harm’s way – both accidental and intentional.

9. Reinforce security policies at home

It’s easy to think of working from home in a different light, but from a cyber security perspective it must be treated the same as the office. That means any security policies that have been implemented by the organisation should be followed.

Remember, these policies have been put in place for a reason – sometimes for reasons we don’t fully understand. But then a security breach happens and wouldn’t you know: hindsight is a wonderful thing.

If your company needs any assistance improving its remote workforce cyber security policies, processes and solutions, contact Integrity360 to learn how we can help.

Sign up to receive the latest insights

Join our cyber security community to stay up to date with the latest news, insights, threat intel and more right in your inbox.  All you have to do is choose how often.