Cub Llewelyn-Davies - Charity Sector Lead from the National Cyber Security Centre, provides guidance for charities moving to remote working
The current coronavirus pandemic, and the ensuing lockdown, has led to record numbers of people working from home. Over the past few weeks, we have championed remote working as a solution for charities who suddenly find they need to change longstanding working practices.
But this is not without its risks. With large numbers of employees signing into systems remotely, many of them on devices previously never logged or registered by these systems, even charities with IT departments may find their resources too stretched to verify the identity of these devices and their users.
Moreover, people are often more relaxed in their home working environment. This can mean that we don’t pay as much attention as usual to suspicious emails.
The charity sector has long been seen as an easy and lucrative target for cyber criminals. Cyber security has never been more important for the sector. NCSC Charity Sector Lead Cub, Llewlyn Davies offers expert guidance for charities.
As part of managing the coronavirus (COVID-19) situation, many organisations will be encouraging more of their staff to work from home. This presents new cyber security challenges that must be managed. Whilst working from home will not be new to many charities, the coronavirus is forcing organisations to consider home working on a greater scale, and for a longer period of time. You may have more people working from home than usual, and some of these may not have done it before.
To help support you through this change, the National Cyber Security Centre (NCSC) has released important and timely guidance to advise you on the key areas to focus on, including:
The full guidance is available at ncsc.gov.uk/guidance/home-working
Cyber criminals are preying on fears of the coronavirus and sending ’phishing’ emails that try and trick users into clicking on a bad link. Once clicked, the user is sent to a dodgy website which could download malware onto your computer, or steal passwords. The scams may claim to have a ’cure’ for the virus, offer a financial reward, or encourage you to donate.
Like many phishing scams, these emails are preying on real-world concerns to try and trick people into doing the wrong thing.
The NCSC have produced guidance on how to help your staff and volunteers spot the signs of phishing emails, and importantly what they should do if they think they have clicked on a malicious link or downloaded something dodgy. The key is not to blame them – these are difficult and uncertain times, and blaming your colleagues won’t help. Make sure they know how to contact the IT Team, and that someone is available to advise them on next steps.
You can find more resources for securing yourself and your remote systems from cyber attacks in our ’Related articles’ section.