Working remotely can mean that it is harder to secure your data against cyber attack. It can seem hard to find the balance between supporting easy access to systems and managing them securely. It is essential you have good cyber awareness and contingency planning in place.
Your board/trustees should work with senior management to identify risks and protection measures to put in place. A written policy should be produced with information on what to do in the event of a cyber attack; who needs to be informed; and which gives clear guidance to staff on their day-to-day responsibilities.
You may also decide to get your organisation Certified in Cyber Essentials, a government- backed scheme.
You should encourage your people to be curious and report any issues to senior management. If you regularly pressure your staff to just get on with things, then you risk them losing their natural curiosity to evaluate things and spend time flagging up anything concerning
You should also keep yourself up-to-date on security issues and shut down scaremongering conversations, which are often fueled by tabloid headlines and social media.
It can be difficult for people to know what to believe, so you should promote the truth and validity of just a few trusted sources to prevent the overwhelming amount of information available. Our trusted sources are NCSC (National Cyber Security Centre), Scottish Government’s Cyber Resilience Unit and Get Safe Online.
You should also provide and manage devices which will make it much easier to ensure key security settings are applied and kept up to date.
You should provide staff with regular training on online safety and cyber security. Any reported incidents should be circulated to all staff to remind them to be vigilant and to encourage reporting.
You should regularly remind staff to of safe working practices, such as: