In these unprecedented times many of us are already working from home as opposed to the office. For some, remote working is part of our weekly routine. For others, who's roles may have been purely office based, there is much to get used to, and it might currently all feel a bit overwhelming.
The key challenge over recent days has been enabling remote access for staff so they can respond to emails and access organisational data, in order to continue to deliver services as best they can.
We do all now need to ensure that we are following best practice when using our deveices at home, to minimise any security risks posed, now that we are out of the office environment.
Hopefully the following practical guidance will be useful to smaller charities and community groups. particularly the majority with no dedicated internal IT staff.
Use of personal devices
The ideal solution would be for staff to use organisational laptops and other devices for carrying on working. We appreciate this is unlikely to be possible for many small and local charities, and so if unavoidable, there are some protocols you should introduce to minimise risk.
- Ensure devices have basic security features turned on. Windows 10 is the only currently supported version and comes with anti virus and firewall through the Windows Defender Security Centre. Ask staff to check these feature are turned on and also to check that Updates are automated. There are alternative free anti virus options for personal use - see here for a list of options.
- If sharing a PC or laptop with other members of your household:
- Where possible, do not download documents containing confidential or personal data (information that identifies individuals)
- If this is unavoidable, ensure that you delete files from local drives and also from your recycle bin after use
- If using Office 365 or other online access to files and email, or online databases / CRM systems, always log out of your account and close your browser after use. Then re-sign in each time you need to access it (avoid ticking – remember password or stay signed in options)
- Where possible – set up a different Windows or Mac user account for work use, to minimise others in the household accessing organisational data if saved locally unintentionally
General cyber security tips
Please remind all staff about general IT security and data protection best practice to follow. Useful resources and advice to share include:
- Superhighways' blog posts on a range of IT security considerations including our Phishing awareness raising video. The National Cyber Security Centre have posted a blog highlighting that there have been a number of phishing attacks exploiting worries over the Coronavirus, so it's more important than ever stay alert
- National Cyber Security Centre's 'Stay Safe Online: Top Tips for Staff' online cyber security training along with this downloadable infographic summarising key points.