Home Working Is A Threat To Cybersecurity

Employees should avoid taking work devices and sensitive work information home with them and all charities are at risk of cyber-attacks regardless of their size or prominence, fundraisers have been warned.

Speaking at the Institute of Fundraising’s fundraising compliance conference this week, the cyber-crime expert Neil Sinclair, chief operating officer at London Digital Security Centre and formerly of GCHQ, said that there were 85 million attempts to hack computers in the UK every year and charities were potential targets.

He said many people thought that criminals would target relatively well-defended large companies or charities, whereas in reality they often focused on vulnerable smaller organisations, including many charities.

"If there is anyone at a charity who says their charity is too small or too isolated or too original to be a victim of a cyber-attack, they are lying to you," he said.

Sinclair also outlined some of the specific threats to charities and said people working from home or while commuting could be significant threat to a charity’s cyber security.

"Do you use the same devices at home as you use at work?" he asked. "Do you strictly keep those devices you use at work off your home network?

"You should use devices for work only in the workplace, on 4G or on a specific WiFi network."

For example, GCHQ did not allow personal devices to enter the workplace, Sinclair said, because they were more at risk of being hacked, and therefore could be used to record without people knowing, for example.

He also warned of using WiFi in locations such as pubs or coffee shops and said that staff should ensure they did not use sensitive company information while on digital devices that are connected to, unsecured, WiFi.

This is because it was relatively easy for criminals to replicate unsecured WiFi networks, Sinclair said, and it was therefore important to ensure the device used "forgets" the WiFi network once workers left the venue.

The trend for employees to send information to their personal devices to work on while commuting or at home also undermined cyber defences, Sinclair said, because sensitive information for the charity was being used in an environment that was outside the cyber defences the charity had in place.

He said that most cyber-attacks "are not targeted, they are random – they are fun, some of them", and people should be aware that if they use electronic devices connected to WiFi in public places they are vulnerable and "can be a victim just because you are there".

Sinclair said: "Should I really be taking my work stuff home on my own device? You shouldn’t – that’s the simple answer."

He added that many organisations were not actually carrying out their cyber strategies, with fewer than one in 100 actually having a plan that was enforced across the company.

Third Sector

You Might Also Read: 

Action Fraud: Social Media Used to Steal Charity Donations:

Charities Are Vulnerable To Severe Cyber Attacks:

 

« Fake News Will Lead To A Cyber War
Iranian Hackers Adopt New Methods »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Cato Networks

Cato Networks

Cato connects your branch locations, physical and cloud datacenters, and mobile users into a secure and optimized global network in the cloud.

Idemia

Idemia

Idemia is a global leader in security and identity solutions.

Skkynet Cloud Systems

Skkynet Cloud Systems

Skkynet is a leader in real-time data systems for the secure management and control of industrial processes (SCADA) and embedded devices (M2M).

MedCrypt

MedCrypt

MedCrypt are a team of medical device experts focused on bringing modern cybersecurity features to the next generation of healthcare technology.

BHC Laboratory

BHC Laboratory

BHC Laboratory is a cyber capabilities’ development company for a wide range of global customers.

THEC-Incubator

THEC-Incubator

THEC-Incubator program is designed for international and ambitious tech startups in the Netherlands. Areas of focus include Blockchain and Cyber Security.

CYDES

CYDES

CYDES is the first event in Malaysia to showcase advanced solutions and technologies to address cyber defence and cyber security challenges for the public and private sectors.

Astaara

Astaara

Astaara is an integrated insurance services and risk management advisory business incorporating cyber risk advisory, underwriting and analytics.

NuID

NuID

NuID is a pioneer in trustless authentication and decentralized digital identity.

Rostelecom Solar

Rostelecom Solar

Rostelecom-Solar is a Cyber Security Company, providing software and managed detection and response (MDR) services to protect critical information from advanced cyber threats.

Dataprise

Dataprise

Dataprise is a leading IT managed services provider offering IT Management and Help Desk Support Services, Cloud Services, Information Security Solution, IT Strategy and Consulting.

Schillings

Schillings

Shillings defends your rights to privacy, reuptation and security. We fight passionately against breaches of your privacy, attacks on your reputation and threats to your security.

All About Cookies

All About Cookies

All About Cookies is an informational website that provides tips, advice, and recommendations to help you with Online Privacy, Identity Theft Prevention, Antivirus Protection, and Digital Security.

Redpoint Cybersecurity

Redpoint Cybersecurity

Redpoint Cybersecurity is a human-led, technology-enabled managed cybersecurity provider specializing in Digital Forensics, Incident Response and proactive cyberattack prevention.

IT-Schulungen.com / New Elements GmbH

IT-Schulungen.com / New Elements GmbH

Under the name IT-Schulungen.com, the Nuremberg-based New Elements GmbH has been operating one of the largest training centres in the German-speaking world for over 20 years.

Btech

Btech

Btech is the market leader in providing affordable managed IT security services for credit unions.