I am working from home – Am I still responsible for the security of my device and any information I have stored on it?
Yes, users are responsible for the physical security of all mobile devices provided for work purposes, and for the information stored on them. The mobile device remains the property of the NICS and must only be used in accordance with official guidelines. All incidents or breaches of security, including any lost mobile devices must be reported immediately or as soon as reasonably possible to IT Assist (155 if inside network or 0300 1234 155 if external to the network, email email@example.com). Where a crime is suspected, contact PSNI.
Can I connect my personal phone or personal media storage device to my laptop?
No, only devices issued by ITAssist are permitted to be connected to NICS laptops and tablets. NICS staff must not connect / charge personal phones, cameras or media storage devices to NICS laptops and tablets. Approved items can be viewed on the ITAssist catalogue and requested through the established processes. As per the NICS mobile Device Policy, Multi-media data cards must not be used to transfer or store NICS information.
Can I use my personal email for work purposes?
No, Section 4.5 of the NICS Use of Communications Policy highlights certain actions that could pose a substantial threat to the integrity of the NICS or its IT systems and emphasises that all staff must be careful not to take a range of actions. These include auto-forwarding emails from your NICS account to personal accounts and using private email accounts for business purposes.
I have read news articles which highlight a significant increase in the number of email phishing attacks. What does this mean and how can I identify these?
NICS DSS IT Security teams are aware of a significant increase in the number of spam phishing emails being received by NICS staff. The National Cyber Security Centre advises everyone to be on heightened alert at this time as Cyber criminals are preying on fears of the coronavirus and sending 'phishing' emails that try and trick users into clicking on a bad link.
Once clicked, the user is sent to a website which could download malware onto your computer, or steal passwords. The scams may claim to have a 'cure' for the virus, offer a financial reward, provide updates or medical advice or be encouraging you to donate.
Like many phishing scams, these emails are preying on real-world concerns to try and trick people into doing the wrong thing. Please refer to our guidance on dealing with suspicious emails.
What is NCSC guidance on connecting personal devices to the NICS network?
If an organisation has made the decision to allow staff to use their own devices to work remotely then at minimum the organisation should follow the guidance contained in the attachment.
- organisations must fully understand the risks involved and evaluate these before commencing a ‘Bring Your Own Device’ BYOD approach
- organisation must then develop a BYOD policy documenting the goals, controls and responsibilities
- the policy must be enforced with technical controls
- NCSC highlight three technical approaches for desktops / laptops NCSC observes that a BYOD approach will result in increased support costs, increased controls and increased auditing. In the absence of any of this guidance having been analysed or progressed, NICS should not be contemplating permitting staff to connect non ITAssist issued devices to the NICS network.
I have security concerns with working from home, what can I do?
Please continue to adhere to IT security policies as you would do in the office. Please take the following steps:
- be extra cautious about phishing scams (further information available here)
- ensure that all attendees on any audio/video calls are identified
- you should consider using PINs/passcodes in conference calls to enhance security
- please ensure that you store your laptop securely when not in use