Training

Home and remote working exercise

by Mark Rowe

How are your home working staff doing? safe from cyber attacks?! You can test their defences in a role-play exercise devised by the UK official National Cyber Security Centre (NCSC).

The ‘Home and Remote Working’ exercise is aimed at SMEs (small and medium sized businesses) as the latest addition, tenth in the series, to the NCSC’s Exercise in a Box toolkit; about drills in preparation for actual cyber attacks. Launched last year, the toolkit sets scenarios which you could face; such as, ransomware attacks, losing physical devices, and a cyber attack – a hacker testing an organisation’s cyber resilience. The focus is on three areas: how staff members can safely access networks, what services might be needed for secure employee collaboration, and what processes are in place to manage a cyber incident remotely.

At the end an evaluative summary is created, outlining next steps and pointing to NCSC guidance. Sign up at https://exerciseinabox.service.ncsc.gov.uk/.

Sarah Lyons, NCSC Deputy Director for Economy and Society Engagement, said: “We know that businesses want to do all they can to keep themselves and their staff safe while home working continues, and using Exercise in a Box is an excellent way to do that. While cyber security can feel daunting, it doesn’t have to be, and the feedback we have had from our exercises is that they’re fun as well as informative.

“I would urge business leaders to treat Exercise in a Box in the same way they do their regular fire drills – doing so will help reduce the chances of falling victim to future cyber attacks.”

For NCSC guidance released in March about cyber-safe home working, visit https://www.gchq.gov.uk/news/ncsc-home-working-guidance.

Comment

Jonathan Miles, Head of Strategic Intelligence and Security Research at cyber firm Mimecast welcomed the new NCSC tool, ‘as the threat of cyber attack continues to rise’. He said: “In fact, our State of Email Security shows that 91pc of UK organisations believe their organisation volume of web and email spoofing will increase in the coming year, while 59pc of UK organisations have observed an increase in phishing attacks over the last year. It’s important that organisations prioritise cyber security, especially at a time where remote working has become the norm and connecting corporate devices via the home router becomes commonplace. This provides greater opportunity for malicious actors to infiltrate and obtain sensitive corporate data through unsecured home devices, so it’s important that businesses educate their staff on the tell tales signs of compromise and the benefits of good cyber hygiene practices.

“Regular cybersecurity awareness education is also key. Our State of Email Security report found 56pc of organisations don’t provide awareness training on a frequent basis, leaving organisations incredibly vulnerable. This is supported by further research which found that enterprises that didn’t utilise Mimecast awareness training were five times times more likely to click on malicious links as opposed to those companies that did. Often such training and education exercises may be viewed as burdensome or tedious, but it’s crucial that organisations work to change this perception and using tools such as these provided by the NCSC and others can significantly help. Our research has identified that awareness training, which is fun, interactive, and done in intervals can significantly help with retention, in addition to bolstering cyber defence in depth.”

Related News

  • Training

    Imbert Award 2017

    by Mark Rowe

    At the annual midsummer luncheon of the Association of Security Consultants (ASC), at a new London location, St Katharine’s Dock near Tower…

  • Training

    Obama at US cybersecurity day

    by Mark Rowe

    Figures in US business, cyber-security and administration including President Barack Obama were at Stanford University in California, for a ’White House Summit’…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing