Is Cybersecurity a Home Working Health and Safety Issue?

• Content
• Safety & Health
• Is Cybersecurity a Home Working Health and Safety Issue?

30 March 2021

Bureau Veritas is urging businesses who are remote working to prioritise cybersecurity as a health and safety risk.

As Britain looks set to embrace a long-term shift to remote working, Bureau Veritas, a provider of Testing, Inspection and Certification (TIC) services, wants cybersecurity culture to be improved across the board in businesses.

It comes as recent reports show hackers earned a record £28 million last year for reporting software flaws during the pandemic. Meanwhile, with more companies introducing hybrid models of working in which staff split their time between the office and home, cybersecurity is increasingly becoming a health and safety issue, with rising pressure on firms to create a “cyber-safe” working environment – whether that is in the home or the office.

As such, Bureau Veritas is encouraging businesses to mitigate this rising risk by ensuring all employees are trained and up to date on the latest best practices.

"One example is working from home during the pandemic, how many of us left our work laptops unattended and accessible while we were home-schooling or answered the door for packages?"

–Basilio Vieira

Lead Auditor, Bureau Veritas

 

Leaving Laptops Unattended

Basilio Vieira, Lead Auditor at Bureau Veritas, said: “The coronavirus pandemic has irreversibly changed the way we work. And with more of us set to split our working week between the home and the office, organisations need to respond to this ‘paradigm shift’ by treating information security as a health and safety risk.

“This means instilling a workplace culture which prioritises cybersecurity at all times so that employees take this seriously wherever they may be working. One example is working from home during the pandemic, how many of us left our work laptops unattended and accessible while we were home-schooling or answered the door for packages?

“Yet, we only need to look at the 2017 WannaCry attack on the NHS4, which cancelled 19,500 medical appointments, including operations and locked computers at 600 GP surgeries, to understand the huge implications for mechanical failure that weaknesses in the information security system on can have. But when we think about cybersecurity it’s more than just hackers – we’re talking about protecting confidentially, integrity and availability of data and IT systems and currently that’s paramount.”

ISO 27001 Certification

According to Bureau Veritas, businesses looking to create a robust system for handling information security risks should look to ISO 27001. A voluntary certification, it sets out best practice in terms of managing the security of assets such as financial information, intellectual property, and information entrusted by third parties.

Basilio continues: “It’s also worth considering that with most offices or work buildings now functioning off a central, protected network, such systems need to be monitored to detect actual or attempted cyber attacks and failures. As such, a standard like ISO 27001 will help firms complete a risk assessment and ask those all-important questions. What happens if the system is exposed? What’s the worst-case scenario planning?

“ISO 27001 is a comprehensive solution which provides a framework that is adaptable to any environment. Ultimately, it means you can reap the rewards of a more connected world while acknowledging and managing the risks associated with this.”

Picture: a graphic showing some code on a computer screen

Article written by Ella Tansley | Published 30 March 2021

Share

Related Articles