GCHQ Advises UK Firms on Cybercrime Risk

UK companies have been advised that they should consider taking back company smartphones and memory sticks from employees to reduce the risk of cyberattacks, reports the
Daily Telegraph

The daily says that the advice comes from Government Communications Headquarters (GCHQ), the UK’s intelligence and security organisation, which warns firms that their staff are the “weakest link in the security chain” and protective action must be taken.

CCHQ recommends that company employees should only use trusted Wi-Fi networks – thus ruling out using laptops in coffee shops without special protections – and constantly update internet browsers.

Companies are also warned that disgruntled employees may attempt to “steal or physically deface” computers or become vulnerable to blackmail if secrets about their personal lives become known.

The recommendations are contained in
‘10 Steps to Cyber Security’
guidance from by the Communications-Electronics Security Group (CESG) – GCHQ’s information security arm – in conjunction with the Cabinet Office, Business Department and Centre for the Protection of National Infrastructure (CPNI).

In a series of detailed guidance documents for businesses issued by GCHQ alongside other departments, firms are urged to take steps to make themselves less vulnerable to attacks.

“Monitor all user activity,” the guidance recommends, adding that companies should monitor the internet behaviour of employees at all times so they may identify any offending staff member.

Ensure that staff know “any abuse of the organisation’s security policies will result in disciplinary action,” reads another recommendation.


Related reading