Connect with us

News

COVID-19: Sophos shares five tips on how remote workers can stay cybersecured

Published

5 years ago

on

BY: Sandra Ani

Following the Federal and State Governments directives that businesses in Nigeria should adopt measures to curtail the spread of Coronavirus many if not most organisations have already crossed the “working from home”, or at least the “working while on the road” bridge.

Therefore, the global concerns over the current coronavirus (Covid-19) outbreak, and the need to keep at-risk staff away from the office, means that lots of companies may soon and suddenly end up with lots more staff working from home

A global cybersecurity Company has also suggested that it is vital not to let the precautions intended to protect the physical health of a company staff turn into a threat to their cybersecurity health at the same time.

“Importantly, if you have a colleague who needs to work from home specifically to stay away from the office then you can no longer use the tried-and-tested approach of getting them to come in once to collect their new laptop and phone, and to receive the on-site training that you hope will make them a safer teleworker”, Principal Research Scientist Sophos, Paul Ducklin, said while stressing that organisations  are now in need to set remote users up from scratch, entirely remotely, something some have not done a lot of in the past.

Ducklin went ahead to list five tips for working from home safely:

1. Make sure it’s easy for your users to get started:

“Look for security products that offer what’s called an SSP, short for Self-Service Portal. What you are looking for is a service to which a remote user can connect, perhaps with a brand new laptop they ordered themselves, and set it up safely and easily without needing to hand it over to the IT department first.

“Many SSPs also allow the user to choose between different levels of access, so they can safely connect up either a personal device (albeit with less access to fewer company systems than they’d get with a dedicated device), or a device that will be used only for company work.

“The three key things you want to be able to set up easily and correctly are: encryption, protection and patching.

“Encryption means making sure that full-device encryption is turned on and activated, which protects any data on the device if it gets stolen; protection means that you start off with known security software, such as anti-virus, configured in the way you want; and patching means making sure that the user gets as many security updates as possible automatically, so they don’t get forgotten.

“Remember that if you do suffer a data breach, such as a lost laptop, you may well need to disclose the fact to the data protection regulator in your country.

“If you want to be able to claim that you took the right precautions, and thus that the breach can be disregarded, you’ll need to produce evidence – the regulator won’t just take your word for it!

2. Make sure your users can do what they need

“If users genuinely can’t do their job without access to server X or to system Y, then there’s no point in sending them off to work from home without access to X and Y.

“Make sure you have got your chosen remote access solution working reliably first – force it on yourself! – before expecting your users to adopt it.

“If there are any differences between what they might be used to and what they are going to get, explain the difference clearly – for example, if the emails they receive on their phone will be stripped of attachments, don’t leave them to find that out on their own.

“They’ll not only be annoyed, but will probably also try to make up their own tricks for bypassing the problem, such as asking colleagues to upload the files to private accounts instead.

“If you’re the user, try to be understanding if there are things you used to be able do in the office that you have to manage without at home.

3. Make sure you can see what your users are doing

“Don’t just leave your users to their own devices (literally or figuratively). If you’ve set up automatic updating for them, make sure you also have a way to check that it’s working, and be prepared to spend time online helping them fix things if they go wrong.

“If their security software produces warnings that you know they will have seen, make sure you review those warnings too, and let your users know what they mean and what you expect them to do about any issues that may arise.

“Don’t patronise your users, because no one likes that; but don’t leave them to fend for themselves, either – show them a bit of cybersecurity love and you are very likely to find that they repay it.

4. Make sure they have somewhere to report security issues

“If you haven’t already, set up an easily remembered email address, such as security911 @ yourcompany DOT example, where users can report security issues quickly and easily.

“Remember that a lot of cyberattacks succeed because the crooks try over and over again until one user makes an innocent mistake – so if the first person to see a new threat has somewhere to report it where they know they won’t be judged or criticised (or, worse still, ignored), they’ll end up helping everyone else.

Teach your users – in fact, this goes for office-based staff as well as teleworkers – only to reach out to you for cybersecurity assistance by using the email address or phone number you gave them. (Consider snail-mailing them a card or a sticker with the details printed on it.)

“If they never make contact using links or phone numbers supplied by email, they they are very much less likely to get scammed or phished.

5. Make sure you know about “shadow IT” solutions

Shadow IT is where non-IT staff find their own ways of solving technical problems, for convenience or speed.

“If you have a bunch of colleagues who are used to working together in the office, but who end up flung apart and unable to meet up, it’s quite likely that they might come up with their own ways of collaborating online – using tools they’ve never tried before.

“Sometimes, you might even be happy for them to do this, if it’s a cheap and happy way of boosting team dynamics.

For example, they might open an account with an online whiteboarding service – perhaps even one you trust perfectly well – on their own credit card and plan to claim it back later.

“The first risk everyone thinks about in cases like this is, “What if they make a security blunder or leak data they shouldn’t?”

“But there’s another problem that lots of companies forget about, namely: what if, instead of being a security disaster, it’s a conspicuous success?

“A temporary solution put in place to deal with a public health issue might turn into a vibrant and important part of the company’s online presence.

“So, make sure you know whose credit card it’s charged to, and make sure you can get access to the account if the person who originally created it forgets the password, or cancels their card.

“So-called “shadow IT” isn’t just a risk if it goes wrong – it can turn into a complicated liability if it goes right!

Most of all, the Paul Ducklin added, “if you and your users suddenly need to get into teleworking, be prepared to meet each other half way.

“For example, if you’re the user, and your IT team suddenly insists that you start using a password manager and 2FA (those second-factor login codes you have to type in every time)…

“…then just say “Sure,” even if you hate 2FA and have avoided it in your personal life because you find it inconvenient.

“And if you’re the sysadmin, don’t ignore your users, even if they ask questions you think they should know the answer to by now, or if they ask for something you’ve already said “No” to…

“…because it might very well be that they’re asking because you didn’t explain clearly the first time, or because the feature they need really is important to doing their job properly.

“We’re living in tricky times, so try not to let matters of public health cause the sort of friction that gets in the way of doing cybersecurity properly!

Here are other Sophos resources related to COVID-19 that you may find useful:

SophosLabs has uncovered a variety of different malicious email campaigns connected to COVID-19, including:

Phishing scams impersonating the WHO, CDC, and other healthcare organizations to deliver malware via malicious documents disguised as official information on how to stay safe during the pandemic

Cybercriminals impersonating charities and relief organizations like the WHO’s COVID-19 Solidarity Response Fund to trick victims into sending them Bitcoin

SophosLabs is updating its Uncut blog with new findings in real time.

Related Topics:

GrassRoots.ng is on a critical mission; to objectively and honestly represent the voice of ‘grassrooters’ in International, Federal, State and Local Government fora; heralding the achievements of political and other leaders and investors alike, without discrimination. This daily, digital news publication platform serves as the leading source of up-to-date information on how people and events reflect on the global community. The pragmatic articles reflect on the life of the community people, covering news/current affairs, business, technology, culture and fashion, entertainment, sports, State, National and International issues that directly impact the locals.

Continue Reading

News

Badaru on Operational Tour of 82 Division, other Military Installations in Enugu and Imo States

Published

8 hours ago

on

November 21, 2024

By

Badaru in Enugu
Minister of Defence H.E Mohammed Badaru Abubakar

The Honourable Minister of Defence H.E Mohammed Badaru Abubakar CON mni is currently in Enugu on operational tour of 82 Division of Nigerian Army and other military platforms in Enugu.

He was received on arrival by the General officer Commanding 82 Division of the Nigerian Army / Commander JTF SE of operation Udoka Major-General H.T Dada and other  senior military officers.

Minister of Defence H.E Mohammed Badaru Abubakar
Minister of Defence H.E Mohammed Badaru Abubakar

The Minister is expected to meet with South East stakeholders on the way forward.

Details later…

Continue Reading

News

Tinubu Grants More Power to Ministers of State on Oversight Funtions

…of Agencies under them

Published

2 weeks ago

on

November 11, 2024

By

Minister of State for Defence Dr. Bello Matawalle
President Bola Tinubu and Minister of State for Defence Dr. Bello Matawalle

Tinubu has granted full oversight responsibilities to Ministers of State over agencies under them amongst whom are Minister of State for Defence Dr. Bello Matawalle, Water Resources and Sanitation, Minister of State for Agriculture and others will henceforth enjoy full  oversight responsibilities over such agencies.

President Bola Tinubu at FEC Meeting has approved that ministers of state be given full powers to supervise the agencies under them, the cable reported.

Until now, files pertaining to departments and agencies under their supervision were sent by their permanent secretaries to the senior ministers.

With the new dispensation, ministers of state can now grant all necessary administrative approvals on the governance process of these agencies and departments.

According to a source in the office of the head of service of the federation, “the president was not pleased with the prevailing governing framework in which ministers of states were just ministers in name”.

This, Tinubu reportedly said, led to the “underutilisation of the expertise and capabilities” of most ministers of state.

“The president believes ministers of state should have the right to make decisions and direct action within their areas of responsibility,” the official added.

According to the Cable report, the source said the idea, first mooted by Hadiza Bala Usman, special adviser to the President on policy coordination and head, central delivery coordination unit got an instant buy-in from the President.

With the new directive, the administration hopes “to unleash” the potential of all the ministers, the source added.

Continue Reading

News

Enugu: Mbah Approves N80,000 Minimum Wage for State, LG Workers and Primary School Teachers

Published

4 weeks ago

on

October 25, 2024

By

MBAG, ALGON and Minimum wage
L-R: Secretary, ALGON, Enugu State chapter, Hon. Uche Okolo; Vice Chairman, ALGON, Enugu State, Hon. Ferdinand Ukwueze; Chairman, ALGON, Hon. Okechukwu Edeh; Chairman, TUC, Enugu State, Comrade Ben Adogwa; Governor of Enugu State, Dr. Peter Mbah; Chairman, NLC, Enugu State, Comrade Fabian Nwigbo; Chairman, Joint Public Service Negotiating Council, Comrade Ezekiel Omeh; Chairman, NULGE, Enugu State, Comrade Udaya Ani and the Head of Service, Mr. Kenneth Ugwu, during the announcement of N80,000 new state minimum wage at the Government House, Enugu, Thursday.

It’s unprecedented to earn above minimum wage in Enugu- Labour

… We’ll commence implementation immediately- ALGON

Governor of Enugu State, Dr. Peter Mbah, has approved N80,000 minimum wage for the state’s work force, including local government workers, effective October 2024, noting a direct link between a motivated workforce and his administration’s vision of growing the state’s economy from $4.4bn to $30bn.

The new minimum wage covers all state employees, primary school teachers, and local government workers.

Organised labour has described the wage as unprecedented, as it was the first time that Enugu workers would be earning above the national minimum wage.

Mbah announced the new minimum wage on Thursday after a meeting with the Enugu State Minimum Wage Implementation Committee headed by the Head of Service, Kenneth Ugwu and labour leaders, including the state’s labour leaders.

Mbah said, “Few weeks ago, I inaugurated a committee with the responsibility to oversee the implementation of the New National Minimum Wage in Enugu State. Today, I’m happy to announce a new minimum wage for workers in Enugu State, reflecting our fidelity to their welfare, in regard of which we have been resolutely committed.

“We have approved the sum of N80,000 as the new minimum wage in Enugu State. This underscores our commitment to bequeathing lasting legacies of improved living conditions.

“Our commitment to improved workers’ welfare runs deep, and is rooted in the firm understanding of the inextricable link between an inspired workforce and the audacious economic targets we had set our sights on.

“We clearly understood that reducing poverty to the barest minimum and achieving an unprecedented economic growth target were contingent on the output of the workforce. Therefore, for us, the best way to acknowledge that labour creates wealth is by ensuring that the workforce, which creates the wealth that oils the wheel of government, is sufficiently motivated.

“We have similarly demonstrated our commitment to workers welfare through the consistent payment of the wage awards, a gesture we had pledged to sustain until a new wage structure took effect.”

Speaking, the Chairman of the Enugu State chapter of the Nigeria Labour Congress, NLC, Comrade Fabian Nwigbo, thanked governor Mbah for always prioritising the welfare of workers, describing the new minimum wage as “a great one for Enugu workers.”

 “In the past, when minimum wage is announced, it takes up to one or two years for anything to happen; and when it did, we took anything they gave us as we saw it.  But today, you have even given us something much higher than national minimum wage. 

“But I am not totally surprised because when other governors were paying N12,000 wage award, you were paying us N25,000. When others paid for some months and stopped, you continued paying it until the new minium wage as you promised. So, we have enjoyed wage award for 11 months and today you announced the minimum wage which is the first of its kind since my 32 years in service,” said.

Speaking to Government House correspondents, the Chairman of the Enugu State chapter of the Trade Union Congress, TUC, Comrade Ben Asogwa, said, “We are so happy. The governor did not just announce ₦80,000 minium wage, but said that it cascades down to even local government workers. He said that he does not want disparity in salary implementation in Enugu State anymore because we all go to the same market.

“This is the first time in history we are seeing the implementation of minimum wage above the approved amount by the federal government. Actually, when we entered into the negotiation, we were afraid because we know quite well that we are not among the states that share in dividends of oil money. We know quite well that we are at the back when it comes to federal allocation, but His Excellency actually surprised us.

“One thing we have seen is that he understands the impact of motivation on productivity. The governor has set a pace and we know that any other person coming after him will have the challenge to meet up with the target set by His Excellency, Governor Peter Mbah.”

On his part, Chairman of the Association of Local Government Workers, ALGON, Enugu State, Hon. Okechukwu Edeh, pledged the commitment of council chairmen to implementing the new minimum wage.

“When you motivate workers, they become more productive. What I am promising on behalf of the Enugu ALGON family is that we are going to cascade the new minimum wage to the local government level. Implementation begins immediately,” he said.

Continue Reading

Trending