NHS Digital’s head of security operations lead, Steve Fenwick, has some advice on how to stay cyber-secure while working from home
CREDIT: This is an edited version of an article that originally appeared on Digital Health
In the Data Security Centre at NHS Digital we support health and care organisations to be more cyber-aware, scanning the sector for upcoming threats, providing tools and services that increase security and sharing best practice to help those working in the field to be more cyber-safe.
Due to the COVID-19 pandemic millions of us have had to adapt to working from home, or remotely. This change has brought about many new challenges including an increase in cyber-attacks from criminals taking advantage of the crisis.
There are many security considerations to think about when working remotely; while the pandemic has given criminals greater opportunities to exploit potential weaknesses, these basic tips can help you to counter their tricks.
Phishing is a common scam that targets people by claiming to represent a reputable organisation in an attempt to obtain sensitive or personal data such as login details or ‘phone numbers. Now that many more people work from home, the figures show that cyber-criminals have taken advantage of this, with the number of phishing emails and calls reportedly rising by over 600% since March. Here are a few ways to make sure that you don’t fall victim.
- Check the caller ID and email addresses of anyone trying to access your information.
- Be especially cautious of calls or emails you were not expecting.
- Call colleagues if they seem to have sent you a suspicious-looking email
- Read all the content before clicking on links or giving out data – phishing emails often contain poor grammar.
- Be wary of anyone who asks you to check, renew or share login details or passwords – an official source will never ask you to share these personal details.
- If you are one of the 1.4m staff in the NHS who use NHSmail, reporting a suspicious email is as easy as clicking the ‘Report Phishing’ button on your MS Outlook ribbon, or forwarding it to [email protected].
- For everyone else in the sector, find out the process in your organisation for reporting spam emails
- Report every suspicion – this way, your security team can build a true picture of what is happening and whether a large-scale scam is taking place.
Malware attacks and hacks
While phishing attacks try to dupe you into giving out sensitive information, malware attacks allow hackers to use software vulnerabilities to access your system so that they can take the information they need, or gain control of your devices. You can guard against this using these simple steps.
- Install the latest software updates from official providers or NHS Digital on all of your devices.
- Download the most up-to-date software to ensure your device has a high security level which can prevent new cyber-attack.
- Don’t forget to check that the software on your router is up-to-date too.
- Invest in anti-virus and anti-malware software – but be sure to research any products you intend to purchase.
One thing that many of us don’t think about when we work from home is the password for our wi-fi router. Default router passwords can often be easily discovered, leaving them vulnerable to cyber-criminals who can then monitor your online activity or send you to malicious websites.
If you are still using the default password your router came with, change it to something more secure, using this advice from the National Cyber Security Centre’s experts.
Out and about
We all need to work around others from time-to-time, even when working remotely. Whether you are grabbing a coffee in public while writing a report, or live with other people, these final tips will help you to stay safe.
- Avoid using public wi-fi as these networks often lack sufficient security.
- Instead, work offline and connect later once you can access a secure network.
- Go online by tethering to your mobile device if you have sufficient data.
- Password-protect your sensitive work documents.
- Never allow anyone else to access your work devices for personal use.
- Always lock your device when you are away from it; this is essential if you live in shared accommodation.
- Do not print documents and work on them in public spaces as they will be vulnerable to theft or misplacement.
- Use a screen protector to prevent others from viewing your screen over your shoulder or ‘shoulder surfing’, in public spaces.
- Keep your work telephone conversations discreet, and hold them in a private place where possible.
Keeping information secure is everyone’s job. Make sure you know how to report an incident and do so, no matter how small you may think it is. It may have a bigger impact than you realise.