The National Cyber Security Centre (NCSC) has published advice on security measures to support home working.
The step has been taken as many organisations in public and private sectors staff to work from home in response to the spread of coronavirus.
NCSC said it is new for many organisations and employees. In response it has outlined its recommended steps, with a particular focus on how to prevent damage from phishing emails.
The guidance refers to the centre’s earlier advice on spotting phishing emails, the main message of which is not to clink on links in any message that looks suspicious.
It adds that there are steps that can be taken if a link is accidentally clicked, including running a full scan with antivirus software and quickly changing passwords if one has been given to the scammers.
The advice on preparations for working at home ensuring that devices encrypt data while at rest in case they are lost or stolen, and that they include tools for them to be remotely locked and the data erased.
It includes a recognition that remote users might need to use a different software at home than when they are in the office, and the employer needs to produce written guides for the relevant features and the test the software works properly. The organisation should also consider producing ‘How do I?’ guides for using specific tools, and make sure that devices.
NCSC advocates the use of virtual private networks that can control access to systems and create an encrypted network connection, authenticating the user and/or device and encrypts data in transit. Again, it has previously produced specific guidance on how VPNs should be used.
There is also advice on the management of removable media such as USB drives and cards, and for employees using their own devices.
Image from NCSC, Open Government Licence v3.0