Cyber Security

When working away from the office you shouldn’t use internet cafes, public Wi-Fi or shared computers when accessing sensitive or restricted information. If possible, it’s best not to use personal laptops or home computers for this type of work. It’s better to use a company laptop with all the necessary security controls installed. It’s good practice to make sure that restricted information is password protected and that laptop hard drives and memory devices are encrypted. When working remotely it’s important to connect to the office network using a secure connection, especially in public areas using a wireless connection. Remote workers can be vulnerable to scams and data breaches. It is important that every company includes cyber security considerations in their remote working policy. For example: Do employees use company laptops and phones? What access do they have to sensitive data? Do they know who to contact regarding any cyber security issues or concerns?

It is important to regularly review your cyber security policies and procedures, to ensure that they are still effective and up-to-date and you are not vulnerable to an attack. Our Cyber Security checklist can be downloaded below to help you identify any gaps or areas for review in your practices. In particular, cyber security training can help staff understand their responsibilities in protecting a business’s systems and data, in order to minimise the threat of a cyber attack.&

The Government has also endorsed a Cyber Essentials scheme. It allows businesses of all sizes to be independently certified for having met a good practice standard in 5 areas of computer security:

• Boundary firewalls and internet gateways
• Secure configurations
• User access controls
• Malware protection
• Patch management

If you gain certification it will allow your organisation to advertise that it meets a Government-endorsed standard. Since October 2014 Cyber Essentials has been mandatory for suppliers of Government contracts which involve handling personal information and providing some ICT products and services. Holding a Cyber Essentials badge enables you to bid for these contracts.

If you use display screen equipment for at least an hour or more every day – or a significant proportion of your work – then this would class you as DSE user. The DSE Regulations apply to you regardless of whether you’re at a fixed workstation, a mobile worker, work from home, or if you’re a hot-desker. There are some situations where the regulations don’t apply, these are:

• Driver’s/control cabs for vehicles or machinery
• Screens on board any form of transport
• Display screens that are intended for public use, e.g. electronic information display in a shopping centre
• Portable devices that are not used for prolonged periods of time
• Calculators, cash registers, or any other equipment with a small data or measurement screen, or
• Typewriters of traditional design – “window typewriters”

Although there is no fixed time between breaks or length of breaks stated in the Health and Safety (Display Screen Equipment) Regulations 1992, the regulations do suggest that breaks should be ‘periodically’ taken. The regulations suggest that each person’s work should be designed to include a mix of tasks, some screen-based and some non-screen based, to allow natural breaks from concentrating on the screen, sitting in the same position or repetitive input work, for example. Sometimes, due to the nature of your work, this is not possible, and in this case, deliberate breaks must be introduced. We suggest as a minimum guideline at least 5 minutes in every hour should be spent away from the screen, but it’s also important to make sure you change posture regularly and refocus your eyes; doing some simple stretching exercises at your desk can be very useful too. Try the 20-20-20 rule – every 20 minutes, look up from your screen at something about 20 feet away for about 20 seconds. This gives the muscles in your eyes a chance to relax.