<< Go back to the previous page

Cyber security when working from home

Alert message sent 31/03/2020 09:42:00

Information sent on behalf of Derbyshire Constabulary

With many of us working from home during the current pandemic we’re sharing some advice for organisations on how to ensure they remain protected from cyber security threats whilst staff are remote working.

It’s a good practice to create a mobile working policy which assesses the risk to data and systems which may be posed by remote working.

This policy should include:

Authorising users to work remotely – create a policy for authenticating users before granting access to systems and resources (including data). This should consider the following aspects of authentication:

User to device: User is only granted access to the device after authenticating to it.

User to service: User can only access services after authenticating to the service, via the device.

Device to service: Only devices which can authenticate are granted access.

• Device security – develop and apply a secure baseline build and configuration for all types of mobile device and retain this for easy restore/configuration.

• Information stored on devices – minimise the amount of data stored to only that needed to fulfil the activity. If the device supports it, encrypt the data at rest (all force laptops are password protected and encrypted).

• Minimum security controls – increased level of monitoring on all remote connections.

• Protect data in transit – when working remotely the connection will most likely use the Internet. All information exchanged should be appropriately encrypted.

• Review incident management plans –Incident management plans should be sufficiently flexible to deal with a range of security incidents that could occur, including the loss or compromise of a device.

Of course, despite the best efforts of everyone it’s still possible that incidents will occur and it’s a good idea to have technical processes in place for remotely disabling a device that has been lost or denying access to a corporate network.

For more information and advice on protecting your business or organisation please contact Derbyshire’s Cyber Protect Officer Jodie Nevin on Jodie.Nevin @Derbyshire.Police.UK.


Message sent by
Carole Woodall (Police, Communications Administrator, Derbyshire)

Message tag words

Back to previous page
Click here to tweet this message to your followers

Discuss this alert message

Please see terms below before using this feature
Please be aware that the facility above is a Facebook service, posting your views will make some of your Facebook information visible to everyone (as with any Facebook activity).

The system administrators (VISAV Limited) monitor the content added. Any misuse or objectionable material should be reported to support@neighbourhoodalert.co.uk.

The views expressed do not represent the views of the system administrators who are VISAV Limited, the Police, Neighbourhood Watch and other Information Provider using this service.