Cyber Security – DistanceLAB

What is the general idea of the service?

DistanceLab-project will develop a cyber security tool that will be useful for all the organisations that have remote workers and for those who want to digitalize the businesses. This pilot will be developed together with SME´s and public sector to find the best practices.

Why are we piloting it?

DistanceLAB-project aims to develop tools that enhance stakeholders’ resilience and adaptability by improving their skills in remote activities. With the increasing digitalization and remote work, the risks of data leaks and cyber-attacks are heightened. Therefore, cyber security awareness and data security skills are integral components of every organization’s risk management and resilience.

Why is your organisation invited to join?

This tool will be particularly useful for SMEs and the public sector. The challenge lies in the fact that cyber security risks vary depending on the industry and the size of the organization. That’s why we need to engage in discussions with various stakeholders in order to develop a tool that can be utilized by individuals and organizations.

What do you get?

You will have the opportunity to participate in interactive workshops where current cyber threats will be discussed, engage in discussions with experts, and share best practices. You have a unique chance to be involved in an EU–funded project, where you can share your ideas and learn from others.

Cyber security in remote work

Lets talk about cybersecurity

Below you find a cybersecurity diary PDF and Let’s talk about cybersecurity which also has a video version and powerpoint.

Cybersecurity diary

Lets_talk_about_cybersecurity

Cybersecurity measures for remote work recruitment

In a job interview

Find out how a person generally relates to cybersecurity.
Example questions for the recruiter:
How did you consider cybersecurity at your previous workplace?
How important do you think cybersecurity is?
Is cybersecurity important to you or do you prefer to leave it to
the IT department?
What password practices do you have?
Do you know someone who has been the victim of a
cybersecurity breach, and how do you feel about it?
Do you know someone who knows the person you are
considering recruiting?
Check references

Worth considering in the social and health care sector

Staff in the social and health care sector are interested in caring
for people, not IT systems.
However, if one out of two applicants says that data protection
is important, this should be taken into account in the
recruitment decision.

Once the person has been recruited

Ensure that people working remotely receive
regular training.
The desire to learn is an important quality in all
work, and in remote work it is really important
to be curious and want to get to know things.
It is important that everyone stays up to date
on cybersecurity issues (not just the IT
department).

How can the employer support and engage their employees?

Attend a data security training together.
The employer should maintain motivation and engage the work community to minimize staff
turnover (risk of information leakage)
Provide clear instructions to employees on how to take care of cyber hygiene.
Ensure that data security instructions are visible in the workplace (for example, a board on the wall).
Provide instructions on who to contact if an employee suspects they have been the victim of a
cybersecurity incident.
Develop an action plan to support employees in the event of harassment on social media.
Develop guidelines for mobile work:
* how to act with customers
* on summer holiday trips, abroad, on trains, buses, airports

Cybersecurity review of your home office

How do you handle confidential documents?
Who hears your calls?
Do you do things other than work-related matters
on the work computer?
Is the VPN turned on?

After employment

The employee promises on a signed form that the
employer’s company information or customer
information is not available on the home
computer, in the cloud or on paper.
Ensure that the former employee does not have
user credentials, permissions or access to the
organization’s systems

Cyber- and data security audit form for distance work

Intended for self-assessment of employees' cyber and information security.

Remote Workstation	Your Answer	How to Reduce Your Risk
Can you lock the door to your remote working space?	Yes No Sometimes	Lock your workspace whenever possible. Discuss with your employer whether they would be interested in paying for an electric lock, for example.
Does your remote working space have a lockable locker or cupboard?	Yes No Sometimes	Lock your equipment and documents in a cupboard whenever you leave the premises (during lunch, at the end of the working day). Discuss with your employer whether they are interested in paying for a lockable cupboard in the room.
Are there other people (non-work colleagues) in your workspace when you are working?	Yes No Sometimes	Can you turn the screen to not to be visible to others? Get a privacy film for the screen if this is not possible.
Do other people hear what you say during your working day?	Yes No Sometimes	Close the door. Use headphones. Lower your voice. If it is a confidential matter, go to a place where no one can hear the conversation or ask outsiders to leave.
Do other people have access to your workstation when you are not present?	Yes No Sometimes	Lock the device every time you get up from your workstation. Use a password long enough and unique enough. Keep your documents out of the reach of outsiders. "The empty desk principle."
Can your screen be seen through a window from the street?	Yes No Sometimes	Protect your data. Use curtains or reflective film on the window if necessary.

In Public Places	Your Answer	How to Reduce Your Risk
Do you make business calls in the presence of other people?	Yes No Sometimes	Never use a loudspeaker. Your conversation partner's voice will not be heard if you use headphones. Go to a private space. This tip also applies to public transport and cafés.
Do you use a computer in a public place?	Yes No Sometimes	Get a privacy screen protector for your screen. If this is not possible, do not handle confidential information where others can see your screen.
Do you connect to public or free networks with your devices?	Yes No Sometimes	Avoid connecting to the public network. Share the network from your phone instead. If you absolutely have to use the public network, remember to use a VPN.

Working Methods	Your Answer	How to Reduce Your Risk
Do all work devices have a password or pin code?	Yes No Sometimes	Install the passwords without delay.
Do you leave your work phone unattended to charge?	Yes No Sometimes	Ensure confidential messages are not visible on the screen during charging. Place your phone securely.
If confidential messages may appear on the mobile screen during charging, you should consider where do you leave you mobile	Yes No Sometimes	Set your computer to autolock (e.g. 5 minutes). Remember to lock the screen when you leave the room
When connecting your computer to a projector, do you ensure your password is not visible?	Yes No Sometimes	Unplug the projector when you enter a password..

Do You Know...	Your Answer	Your Own Notes
Who to ask for advice if you're worried about cybersecurity issues?	Yes No I am not sure	Ask for guidance
What to do if you suspect a scam email or phone call?	Yes No I am not sure	Ask your employer about the company’s data security policies.
What to do if your computer starts behaving strangely?	Yes No I am not sure	You have about 40 seconds to act, after which your entire company network may be down. In the case of a desktop computer, unplug the network and power cable as quickly as you can. In the case of a laptop, put it in airplane mode (find out right away where the function is on your own computer) and press the power button down for 15 seconds. DO NOT RESTART. .

Employee Declaration at the End of Employment

To be completed upon the termination of employment.

I hereby confirm that I have returned all property belonging to (employer) that was in my possession. This includes both tangible and intangible assets.

Additionally, I declare that I no longer have access to any of the company's information, nor do I retain any company-related data in my possession, such as customer records, files, supplier lists, spreadsheets, contracts, or any other information, whether in electronic or physical form.

I have also checked:

all personal and other devices I have used (for example, my phone, including my photo gallery, computer, tablet, etc.), and
any services I have used, such as social media, communication tools, or cloud services,

and I have deleted any photographs, documents, or other confidential information belonging to (employer) from them.

Place and date:

Name of the employee:

_________________________________

CyberAkuten

The Story of Cybersecurity Clinic #CyberAkuten

The idea of “Cybersecurity Clinic – CyberAkuten” came to me during a conversation with a micro-entrepreneur who expressed concerns about cybersecurity threats. He mentioned that these worries might prevent him from setting up a website he had planned.

This led to the creation of a series of monthly events, held ten times in total. As the project area in Finland is in a Swedish speaking area and since there are Swedish project partners, we decided to have discussions by mixing Swedish and Finnish. Each event featured a short introduction on a chosen theme, followed by free discussions. Onsite discussions blended seamlessly with remote participants.

The Cybersecurity Clinic was a perfect collaboration between two projects: ISSUES and DistanceLAB. Both projects target SMEs and aim to increase digital skills. The CyberAkuten discussions generated valuable material for both projects. DistanceLAB produced an easy-to-read guide for coffee tables or informal remote meetings, complete with ready-to-use templates for security discussions. Meanwhile, ISSUES created a booklet addressing most of the questions raised during the events.

Enjoy the series of #CyberAkuten

Reduce Stress & Boost your Cybersecurity Wellbeing 12.12.2024 (In English)

https://www.youtube.com/watch?v=fBmFUt1rb78

Cyberhygien – Du har väl tvättat händerna? 14.11.2024 (Swe)

https://www.youtube.com/watch?v=J2X3YbGFLJM&t=10s

Hur uppstår en incident? 17.10.2024 (Swe)

https://www.youtube.com/watch?v=R8R8a24E9II

Riskhantering och du – Vad behöver man egentligen göra? 12.9.2024 (Swe)

https://www.youtube.com/watch?v=o97h64ZQye4

Så här skapar du ett bra lösenord – Näin teet hyvän salasanan. 16.5.2024 (Swe-Fin)

https://www.youtube.com/watch?v=DeLv3X9y2pg&t=4s

Multifaktorsautentisering – Monivaiheinen tunnistautuminen. 11.4.2024 (Swe-Fin)

https://www.youtube.com/watch?v=OUODN6vmB80

Skydd mot dataintrång – Suojautuminen tietomurroilta. 14.3.2024 (Swe-Fin)

https://www.youtube.com/watch?v=4sTiq-Z9plk&t=1s

Skydd mot nätbedrägerier – Suojautuminen nettihuijauksilta. 15.2.2024 (Swe-Fin)

https://www.youtube.com/watch?v=MAAxF0tMp1A

Netikett – Netiketti 11.1.2024 (Swe-Fin)

https://www.youtube.com/watch?v=TH2sAwggI1Y&t=1s

Informationspåverkan – Informaatiovaikuttaminen 14.12.2023 (Swe-Fin)

https://www.youtube.com/watch?v=pzG8Xhb4WT4&t=1s

#CyberAkuten Q & R report 2024 (In English)

https://joom.ag/g67d

Link to ISSUES-project (Funded by Interreg Aurora)

https://www.cybernorth.se/

Cyber security checklists

Checklist for a employer

Security Training

Provide regular security training with the focus on remote work-related security issues.

Ensure that the employees are aware of the latest threats.

Physical Security

Provide guidelines to employees for securing their home work environment.

Consider lockable cabinets for sensitive information if necessary.

Passwords

Encourage employees to use strong passwords and change them regularly.

Provide tools for password management if needed.

Email

Ensure employees have clear instructions for identifying suspicious emails.

Provide tools for verifying email authenticity if necessary.

Workspace

Encourage employees to keep their workspace tidy and protect confidential information. Provide secure storage options if needed.

Backup

Ensure that backups cover remote employees.

Provide company services for backup.

Remote Work

Provide the secure remote working tools and ensure that the employees are familiar with their proper use. Also regularly check the security of remote connections.

Mobile Devices

Provide company-approved mobile apps.

Ensure that the employees use mobile devices properly.

Malware Infection

Establish clear procedures for how to deal with malware infections.

Provide support services and stay in contact with security officers.

Culture of Continuous Improvement

Encourage open communication and reporting of security observations.

Continuously assess and update company security practices to address the work environment and the changing threat landscape.

Customize these guidelines to fit the specific needs of your company.

Security is a responsibility for all.

Checklist for a remote worker

Security Training

Be an active participant in regular security training sessions. Understand security aspects related to remote work and stay informed about new threats.

Physical Security

Create a calm and secure work environment at home.

Secure sensitive documents in a lockable cabinet and keep your workspace private.

Passwords

Use strong passwords and change them regularly. Do not share your passwords with anyone, and keep them secure from other family members.

Email

Exercise caution with suspicious emails. Always verify the authenticity of a message, especially if personal information is requested.

Workspace

Lock your computer whenever you leave your workspace.

Keep your home environment tidy and protect confidential information.

Backup

Ensure that important files are stored securely, and regularly backup data.

Use company-provided cloud services if available.

Remote Work

Always use a strong password and enable multi-factor authentication for remote connections. Use secure remote work tools provided by the company.

Mobile Devices

Protect your phone with a passcode and ensure your device is always updated and secure. Avoid unnecessary apps and download only from official app stores.

Malware Infection

If you suspect a security issue, stay calm.

Disconnect and contact your security officer or supervisor.

Checklist for the provider of digital services

Cybersecurity Strategy

Develop a comprehensive cybersecurity strategy that addresses potential threats and vulnerabilities in your digital services.

User Data Protection

Implement robust measures to protect user data, including encryption, secure storage, and access controls.

Compliance with Data Privacy Laws

Ensure strict compliance with data privacy regulations, such as GDPR, and regularly audit data handling practices.

Regular Security Audits

Conduct regular security audits to identify potential weaknesses in your digital services.

Stay informed about threats, and participate in cybersecurity communities.

Incident Response Plan

Establish an incident response plan to handle and mitigate cybersecurity incidents.

Employee Cybersecurity Training

Provide thorough training for employees on cybersecurity best practices to minimize the human factor in security incidents.

Third-Party Security Assessments

Conduct regular security assessments of third-party services and tools integrated into your digital services.

Continuous Monitoring

Implement continuous monitoring tools to detect and respond to security threats in real-time.

Secure Development Practices

Incorporate secure coding practices into the development process to prevent common vulnerabilities.

Free cybersecurity tools

Remote workers can use scanning to identify vulnerabilities in their home network. Scanning can be used as part of cybersecurity measures to ensure that home networks are protected, and potential threats are detected and addressed promptly.

Nessus Essentials is one of the free cybersecurity tools available that can help enhance online security. It provides the ability to conduct security scans on a computer or network. Nessus Essentials offers reports on detected vulnerabilities and suggests actions to fix them. Tools such as these are an excellent way to identify and address security issues without requiring in-depth technical expertise.

By scanning devices and the network, potential vulnerabilities and security gaps can be identified. This helps prevent possible attacks and safeguards information. Through scanning, a remote worker can check which devices are connected to their home network. It´s important that all devices are known and secure. Using up-to-date software is crucial for maintaining security, and scanning can reveal if devices have outdated software.

The frequency of using a scanner depends on various factors, including the specific security requirements of the individual or organization, the nature of the devices and networks involved, and the level of potential risks.