Managing your homeworking cyber security risks

The COVID-19 pandemic has triggered a dramatic, and possibly permanent, shift to large numbers of the workforce working from home. Unfortunately, these employees are vulnerable to cyber criminals who see this as a perfect opportunity to strike. Cyber risks have increased significantly, and attacks have become a regular occurrence.
The more common scams include cyber criminals impersonating the Government or emergency services and sending information to download, threatening online fines, or ‘selling’ fake protective equipment.

The UK’s National Cyber Security Centre has recently warned of email-distributed malware being sent by cyber actors in branded scams relating to the COVID-19 pandemic.

Take the example of a remote worker who receives a very convincing but fake email from the Government and clicks on a link: the cost to the organization from that one click can be significant. If ransomware or malware is mistakenly admitted into an organization’s IT system, there can be significant business interruption due to loss of information while the IT team has to spend time resolving the issue.

It is important to balance keeping operations running smoothly against the cyber threat. However, every business, regardless of size, has a duty to implement good safeguarding tools and due diligence in order to reduce its vulnerability to cyber threats.

Cyber security is only as good as the people who use the system, so think carefully about basic or advanced cyber security training, which will enable attacks to be spotted quickly and a procedure to be followed.

The COVID-19 situation has accelerated the pace of digital transformation and remote working enablement, and organizations need to understand how secure their systems really are given the change in the way we operate. One way is a certification which instils change throughout the organization and encourages everyone to think about security.

Benefits of implementing ISO 27001 certification

There are many benefits and here we will summarise just a few. The most obvious benefit is that the risk related to information loss or unauthorised access is minimized. You will have a defined and implemented information management system which includes assigning roles, ensures colleagues are trained to build awareness, and applies sound security measures through a systematic approach. It goes beyond policies and procedures.

Additionally, you will be able to demonstrate your commitment to meeting regulatory requirements. This will lead to greater trust by customers and will open the door to potential new business wins and the retention of existing customers.

The ISO 27001 certification process

ISO 27001 considers information regardless of where it is found (e.g., paper, information systems, digital media, etc.).

The initial certification process is carried out in two distinct stages. The first planned visit will be a review of the documented system, where it will be formally evaluated against the requirements of the standard. This will help to establish readiness for the stage 2 audit and highlight any areas of non-compliance that may require attention. Following the assessment, a detailed written report will be presented to the organization, which will include any findings.

Stage 2 is effectively a full system review: a site assessment is carried out to verify that the system has been successfully implemented, is being followed, and that the requirements of ISO 27001:2013 are being met in practice. This can be demonstrated through a review of records and by conducting interviews. It is expected that the auditor will engage with all levels of employee, from Top Management down. Upon completion of a successful audit, the company will receive another formal report and a recommendation for certification will be made.

Certification is valid for three years and maintained through a programme of annual surveillance audits to ensure continuing compliance.


This article has been written for informational purposes only and should not be relied on for any other purpose. You should consult with your own legal and information security advisors or IT Department before implementing any recommendation or guidance provided herein.
