Home Working Is A Threat To Cybersecurity

Uploaded on 2018-04-09 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Employees should avoid taking work devices and sensitive work information home with them and all charities are at risk of cyber-attacks regardless of their size or prominence, fundraisers have been warned.

Speaking at the Institute of Fundraising’s fundraising compliance conference this week, the cyber-crime expert Neil Sinclair, chief operating officer at London Digital Security Centre and formerly of GCHQ, said that there were 85 million attempts to hack computers in the UK every year and charities were potential targets.

He said many people thought that criminals would target relatively well-defended large companies or charities, whereas in reality they often focused on vulnerable smaller organisations, including many charities.

"If there is anyone at a charity who says their charity is too small or too isolated or too original to be a victim of a cyber-attack, they are lying to you," he said.

Sinclair also outlined some of the specific threats to charities and said people working from home or while commuting could be significant threat to a charity’s cyber security.

"Do you use the same devices at home as you use at work?" he asked. "Do you strictly keep those devices you use at work off your home network?

"You should use devices for work only in the workplace, on 4G or on a specific WiFi network."

For example, GCHQ did not allow personal devices to enter the workplace, Sinclair said, because they were more at risk of being hacked, and therefore could be used to record without people knowing, for example.

He also warned of using WiFi in locations such as pubs or coffee shops and said that staff should ensure they did not use sensitive company information while on digital devices that are connected to, unsecured, WiFi.

This is because it was relatively easy for criminals to replicate unsecured WiFi networks, Sinclair said, and it was therefore important to ensure the device used "forgets" the WiFi network once workers left the venue.

The trend for employees to send information to their personal devices to work on while commuting or at home also undermined cyber defences, Sinclair said, because sensitive information for the charity was being used in an environment that was outside the cyber defences the charity had in place.

He said that most cyber-attacks "are not targeted, they are random – they are fun, some of them", and people should be aware that if they use electronic devices connected to WiFi in public places they are vulnerable and "can be a victim just because you are there".

Sinclair said: "Should I really be taking my work stuff home on my own device? You shouldn’t – that’s the simple answer."

He added that many organisations were not actually carrying out their cyber strategies, with fewer than one in 100 actually having a plan that was enforced across the company.

Third Sector

You Might Also Read: 

Action Fraud: Social Media Used to Steal Charity Donations:

Charities Are Vulnerable To Severe Cyber Attacks:

 

« Fake News Will Lead To A Cyber War
Iranian Hackers Adopt New Methods »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

KPMG

KPMG

KPMG s a leading provider of professional services including information technology and cyber security consulting.

Intrusion

Intrusion

Intrusion provides IT professionals with the most robust tool set available for performing in-depth research and analysis of network traffic.

Atlantic Council Digital Forensic Research Lab (DFRLab)

Atlantic Council Digital Forensic Research Lab (DFRLab)

The Atlantic Council’s DFRLab has operationalized the study of disinformation by exposing falsehoods and fake news, documenting human rights abuses, and building digital resilience worldwide.

Tesorion

Tesorion

Tesorion is a fusion of different enterprises each with its own specialisation in the field of cybersecurity. We have combined these specialisations to create an integrated comprehensive solution.

SCADASUDO

SCADASUDO

SCADASUDO is a cyber solution architecture and design office, established by leading experts in the field of OT (Industrial control) and IT (information Technology).

S4x Events

S4x Events

S4x are the most advanced and largest ICS cyber security events in the world.

Incopro

Incopro

Incopro is an online IP and brand protection software provider that arms brand owners with actionable intelligence to combat online and offline intellectual property and copyright infringements.

Cyberport

Cyberport

Cyberport is focused on facilitating the growth of major technology trends such as FinTech and cybersecurity as well as the emerging technologies of AI, big data and blockchain.

Meditology

Meditology

Meditology Services is a top-ranked provider of information risk management, cybersecurity, privacy, and regulatory compliance consulting services exclusively for healthcare organizations.

Buchbinder Information Technology Solutions

Buchbinder Information Technology Solutions

Buchbinder Tunick & Company is a premier CPA and advisory firm offering a broad range of assurance, tax, business consulting and IT consulting services.

Senserva

Senserva

Senserva delivers a deep analysis for security user accounts and applications within the Microsoft cloud environment.

Sectyne

Sectyne

Sectyne is a full-stack cyber consultancy committed to providing tailored services, advisory consultations, and training.

ZeroGPT

ZeroGPT

ZeroGPT.com stands at the forefront of AI detection tools, specializing in the precise identification of ChatGPT-generated text.

Togggle

Togggle

Togggle offers seamless identity verification solutions and distributed infrastructure, enabling organizations to combat fraud and ensure compliance with data protection regulations.

CBIT Digital Forensics Services (CDFS)

CBIT Digital Forensics Services (CDFS)

CDFS is Australia’s premier supplier of digital forensic tools, industry-embedded training and certification to Law Enforcement, Government, and Corporate Enterprise.

SignalRed

SignalRed

SignalRed provides the cutting edge next-generation penetration testing and secure development solutions to startups and large enterprises.