Ben Riley-Smith
March 17, 2015
Britain’s spies have told businesses to consider stripping employees of company smart phones and memory sticks to protect themselves from cyber-attacks, The Telegraph can disclose.
Advice issued by GCHQ, the government’s listening post, and other departments warns firms that staff are the “weakest link in the security chain” and protective action must be taken.
Companies have been told staff should only use trusted Wi-Fi networks – effectively ruling out using laptops in coffee shops like Starbucks without special protections – and constantly update internet browsers.
They were also warned disgruntled employees may attempt to “steal or physically deface” computers or become vulnerable to blackmail if secrets about their personal lives become known.
The warnings were contained in ‘10 Steps to Cyber Security’ guidance issued by CESG – the Information Security arm of GCHQ – in conjunction with the Cabinet Office, Business Department and Centre for the Protection of National Infrastructure.
It comes after the Prime Minister called cyber-attacks “one of the biggest modern threats that we face” and prioritised improving Britain’s defences since taking office in 2010.
Part of the Coalition’s push to strengthen the country’s resistance to cyberterrorism is to build awareness and protection among the business community.
In a series of detailed guidance documents for businesses issued by GCHQ alongside other departments, firms are urged to take steps to make themselves less vulnerable to attacks.
“Monitor all user activity,” the advice says, telling companies they should be watching over the internet behaviour of employees at all times so they can always “identify” the staff member.
Make sure staff know “any abuse of the organisation’s security policies will result in disciplinary action”, the government says in another part of the advice.
Specific measures are also mentioned, including possibly stripping staff of company phones. “Assess business requirements for user access to input/output devices and removable media (this could include MP3 players and Smart phones),” the advice states.
Later it raises the prospect of spies snooping on mobile phones, adding: “Some users will have to work in public open spaces where they are vulnerable to being observed when working on their mobile device, potentially compromising personal or sensitive commercial information or their user credentials.”
Employees are advised against using phones and laptops on anything other than “trusted wireless networks”, while if they must use public Wi-Fi a special “private network” should be installed.
The measures raise the prospect of firms cutting back the number of smart phones given to employees and restricting access to sensitive information to protect themselves from attacks.
The advice also raises the prospect of hostile spies using changes in an employee’s private life for blackmail: “A significant change in an employee’s personal situation could make them vulnerable to coercion and they may release personal or sensitive commercial information to others.”
“Dissatisfied users may try to abuse their system level privileges or coerce other users, to gain access to information or systems to which they are not authorised. Equally, they may attempt to steal or physically deface computer resources.”