Think Security Bulletin #10 17 April 2020
** Special bulletin on secure remote working **
Now that virtually everyone is working from home, we thought we'd focus in this bulletin on how to ensure we remain secure in the new environment and circumstances we find ourselves in. Below are some key things that you need to know, as well as some practical hints and tips.
The "threat landscape"
You will no doubt have seen many news reports of increases in scamming activity that are specifically targeting the situation we find ourselves in: websites selling products that don't exist, phishing and other email scams, Zoombombers etc. Last week, the governmental body responsible for cyber security in the UK, the National Cyber Security Centre (NCSC), published a joint communication with its counterparts in the US warning of the prevalence of threats and scams related to Covid-19. The following threats were specifically called out:
- Phishing (both email and SMS messaging) using the subject of coronavirus or Covid-19 as a lure
- Malware distribution using coronavirus or Covid-19 themed lures
- Attacks against newly (and often rapidly) deployed remote access systems
There is significant activity from malicious cyber actors looking to exploit both individuals and organisations, and it's really important we continue to adopt a paranoid approach to our security. Below are two things to be particularly diligent about that will help keep you and the firm secure in the new threat landscape:
1. Keep your home IT equipment secure
You will no doubt recall that you recently had to evidence that the device on which you are accessing the firm's systems meets the Minimum Technical Requirements. Whilst your device was compliant at that point, it is important to note that there is an ongoing requirement for you to keep your Operating System and your anti-malware software up-to-date. In practice, this means installing updates on your device whenever they become available, and running regular malware scans. Doing this ensures that vulnerabilities that inevitably emerge in software are quickly "patched", and that if anything nefarious does get on your device it is identified (and hopefully neutralised) before doing any damage.
2. Watch out for phishing emails
Please maintain a heightened level of alertness to coronavirus-related phishing emails given the huge increase in volume. The NCSC has detected more scams relating to Covid-19 than any other subject. Be particularly vigilant of behaviour and communications that do not look/feel right, and always be paranoid when clicking on links.
Working electronically
Not having access to our offices forces us to work more electronically. As you will have realised, printing, scanning, photocopying, fielding incoming mail, sending out hard copy letters, meeting clients, etc, all become a challenge when working from home. Correspondence with clients will of course continue to be carried out principally by email. If a formal letter is required, it should be sent as an attachment to an email. If a letter absolutely needs a wet signature, there is a work-around for that. Steph has created guidance to assist you which can be accessed here.
Use of video, collaboration and communications platforms
The shift to everyone working from home has naturally led to a proliferation in the number of platforms with which we are now communicating with others. It is important we are careful about how we interact with these platforms and the purposes for which we use them. For meetings and calls that are "MF initiated", we ask that you use the StarLeaf or LoopUp platforms. These are the only platforms at present upon which we have carried out the necessary due diligence around security, and with whom we have entered into negotiated contracts. For "inbound" calls/meetings that have been initiated via clients or other third parties, please speak to the IT Helpdesk in the first instance. There may be technical and/or security considerations that would make the use of alternative platforms inappropriate in certain circumstances. The IT Team are actively working to accelerate the roll-out of a product called "Microsoft Teams" to bring additional capability and functionality around internal and external collaboration. They are also looking at possibly introducing some new software that will allow us to deliver webinars. More detailed guidance will be released in due course about what tools to use and when to use them.
Printing
Your home printer, if you have one, will now be automatically set as the default printing option. We recognise that printing at home may be more prevalent now than is usual given we are out of the office for a protracted period. However, we would ask that you do NOT print out highly sensitive personal information because of the risk of data leakage and breaches of client confidentiality. You will not be able to print normally onto MF letter-headed paper if you have taken such paper home.
If you do print anything out, please make sure you, firstly, keep the printouts secure in your home whilst you are using them, and secondly, shred them once they're no longer required. If you haven't got a shredder, or they are too voluminous for your shredder, please store them securely until such a time as you can bring them into the office to place in the usual shredding consoles there.
Scanning
At the moment, it is not possible to use a home scanner within Citrix in the way that you can with your home printer. Using your home scanner would require you to save information onto your personal computer, and then send it using a personal email address. Normally, both these actions are strictly prohibited (because the information would be outwith the security of the firm's systems), but the ISF has agreed to provide for the exception where the item being scanned does not contain personal or commercially sensitive information. If you have a particular requirement for home scanning, please speak to the IT Helpdesk in the first instance.
Other pointers
We appreciate it's difficult in the current circumstances, but client confidentiality must be maintained at all times. Please consider the security of your screen (not being overlooked) and the security of any telephone conversations (not being overheard). Remember that headsets may be requested via Central Services or the Glasgow Admin Hub. Please continue to lock your screen when you are taking a break - particularly if you have young children around who may accidentally (or intentionally!) press some buttons and send an incomplete email or cause you to lose some unsaved work!
Interesting articles / further resources
- Coronavirus: How hackers are preying on fears of Covid-19
- Phishing attacks: dealing with suspicious emails and messages
- Home working: Managing the cyber risks (NCSC infographic)
If you have any questions in relation to the content reported here, or would like to report any information security issues, please contact infosec@morton-fraser.com