We’ve all had to react fast to COVID19 threat. A significant change has been the move to more homeworking, which if not implemented well can introduce new risks that need to be understood. Here’s an update from Chris at Cybata about the implications of Coronavirus on GDPR and data…
Please be aware, in the past few weeks alone, hackers have created thousands of new #Coronavirus related sites as bait to spread dangerous #malware (for desktop & mobile) and #phishing threats.
Here are some practical security steps for sporting organisations:
1. Add a second level of security for your critical applications. Ensure Two Factor Authentication (2FA) is enabled on all your important/critical applications. This is a simple and hugely effective measure. This link shows common applications that support 2FA. Specific sports applications on-line will, generally, under their setting page give an option of 2FA or MFA (Multifactor Authentication) if they support it.
2. Ensure your passwords are updated. In-line with the National Cyber Security Centre (NCSC) recommendations ensure you use strong passwords – three random words is your strongest password.
3. Be even more paranoid of phishing and other scams. If something looks suspicious, don’t click or act on it and report it internally and to your outsourced IT supplier if you have one. Email scams related to COVID-19 are already on the rise.
4. Secure your home router. It is essential to ensure your home WIFI router has a strong password and is up to date. So many of us forget this simple action and its really easy to do!
5. Use VPN technology to connect to your organisations IT systems. Securing remote access to internal systems and online services is typically achieved by using a Virtual Private Network (VPN). In the case of CoronaVirus — many people have turned to VPNs for help. See VPN explanation below.
6. Disconnect from the company’s VPN when not in use. Leaving your connections open can increase the likelihood that if you’re breached, that extends past your machine and into your own network.
7. Don’t use your personal laptop or desktop. Don’t fall prey to the habit of using your personal machine for work. It’s inherently less secure than your work machine and your own machine will have all manner of non-work applications installed that could be used to access your organisation.
8. Don’t share your online meeting IDs or meeting URLs on social media. Online meetings are increasingly productive tools that allow people to work from anywhere, not just the office, but they come with a caveat: Sharing the meeting ID or URL can allow people to drop in and listen to sensitive conversations, record your voice or video, and infiltrate your new virtual workplace.
9. Where you have an outsourced IT supplier – You should be challenging them to identify any weaknesses in your IT system. With this information you can make good management decisions.
If you would like to discuss online Cyber Security and Data Protection training, please contact the WSA team.