Remote workers can learn how to keep themselves – and their organisations – secure from cyberattacks with the aid of a new set of free tools and roleplay exercises from the National Cyber Security Centre (NCSC).
The 'Home and Remote Working' exercise has been added to the NCSC's Exercise in a Box, a toolkit designed to help small and medium-sized businesses prepare to defend against cyberattacks by testing employees with scenarios based around real hacking incidents – and lessons on how to respond.
Designed by the NCSC – the part of GCHQ with the role of keeping the UK safe from cyberattacks – the latest toolkit reflects the rise in remote working over the course of 2020 as a result of the coronavirus pandemic-imposed lockdown; and how hackers have looked to take advantage.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
The exercises focus on how staff members can safely access networks, what services might be needed for secure employee collaboration, and what processes are in place to manage a cyber incident remotely.
As part of the exercises – which are available to download for free – employees are provided information about processes and knowledge about boosting cybersecurity and are tested on what they learned.
"We know that businesses want to do all they can to keep themselves and their staff safe while home working continues, and using Exercise in a Box is an excellent way to do that. While cybersecurity can feel daunting, it doesn't have to be, and the feedback we have had from our exercises is that they're fun as well as informative," said Sarah Lyons, NCSC deputy director for economy and society engagement.
"I would urge business leaders to treat Exercise in a Box in the same way they do their regular fire drills – doing so will help reduce the chances of falling victim to future cyberattacks," she added.
Launched last year, the Home and Remote Working toolkit is the tenth series of scenarios to help organisations prepare their employees for an attack by hackers. Other exercises include scenarios based around real ransomware attacks, losing devices and a cyberattack simulator that imitates hackers targeting the organisation to test the response.
SEE: Inside a ransomware attack: From the first breach to the ransom demand
According to the NCSC, more exercises will be added soon, allowing businesses to help protect against a wider range of attacks and incidents.
The NCSC has previously published guidance on boosting the cybersecurity of employees who are working from home. The advice includes ensuring that access to systems is secured by strong passwords and, if available, two-factor authentication.