However, as with any technology that experiences a period of rapid growth, we are now moving beyond the initial emphasis on speed to market. As Unified Communications become an increasingly essential part of the virtual workplace, we must now establish exactly how this impacts users, how it meets compliance requirements, and how secure it is.

Our initial response to COVID-19, which focused on the rapid onboarding of UC solutions, has demonstrated that we should always be vigilant when implementing new systems. Technological developments to address immediate concerns are certainly essential, but users – both personal and professional – must be conscious of any security risks and ensure they follow best practice at all times, particularly with BYOD arrangements. For example, the importance of utilising strong passwords is already well-established, but its importance was highlighted once again by recent incidents where cracked passwords have been used to disrupt online meetings, taking advantage of platforms' lack of end-to-end encryption^[2]. And whilst updates are regularly released for all platforms to rectify security issues as they are discovered, this doesn't eliminate the initial risk that is posed, which means users must take the time to educate themselves, with the support of their providers.

Data sovereignty is another serious concern, particularly in sectors like healthcare, legal and finance, which have strict requirements about how and where sensitive data is stored. Recent revelations that certain platforms routed user data through different countries to meet increasing demands for capacity^[3] are putting organisations' security posture into sharp focus. Going forward, providers of UC solutions must offer their users complete confidence they are compliant with all local and international data protection regulations, such as the GDPR, which may mean maintaining data centres across multiple regions.

As organisations in both the private and public sectors become more conscious of the potential security risks surrounding UC solutions, we are sure to see the establishment of clear best practice amongst both providers and users. However, this will require close collaboration between all parties concerned if we are to take a proactive rather than reactive approach to the issue, ensuring robust security is inherent in the design of all UC solutions rather than offering fixes when a breach does occur.

The Department for Digital, Culture, Media and Sport found that only 32% of charities have performed a cyber-risk assessment in the last 12 months (The Cyber Security Breaches Survey 2019), meaning there are a significant number of charities that could potentially not understand all of their vulnerabilities. The cyber landscape is constantly evolving, and it is vital that all charities are aware of their risks and vulnerabilities so that the appropriate control measures can be put in place to protect them. Throughout my years of experience, I have found that if an organisation does not fully understand its risks, money is often wasted, and controls may not be as effective as they need to be.

At Exponential-e, most of our customers have set up VPN connections for their remote workers or virtual desktops for employees that aren't provided with laptops. However, there is still the potential risk for an uncontrolled, infected endpoint to unknowingly distribute malware into an organisation and consequently, take down all systems. Several organisations have been affected by ransomware attacks recently, which have all originated from a malicious phishing email. In order to reduce the success rate of phishing attacks, all users need to be educated to be able to identify a phishing email, and to know how to react effectively in order to stop them, see my Top Tips for Working From Home video for more information.

Increasingly, charities are reliant on online services – donation platforms and login pages – and consequently, many charities are falling victim to cyberattacks. Smaller charities are often more vulnerable, since they have less awareness of cyber security as a whole and are naïve to the risks they may face from a cyberattack. The National Cyber Security Centres' (NCSC) 'Cyber Threat Assessment: UK Charity Sector', identified that the most common vector for cyberattacks against charities were phishing emails; fraudulent emails, containing links to fraudulent websites. These impersonation attacks are dangerous, and often lead to malicious software making their way into IT systems. If a charity loses access to their online services, it could result in an existential threat to their survival – from the ensuing reputational damage and the prevention of service delivery.

Being one of the founding members and a current board member of The Cyber Helpline, a free, confidential helpline for individuals who have fallen victim to cyber crime. I use my expertise to help individuals contain, recover and learn from cyber attacks. The Cyber Helpline was designed and developed in the cloud, and we have continuously made sure that the infrastructure is always protected and tested each month. The founding members of The Cyber Helpline have come from the cyber security industry, subsequently we have been able to ensure that the security by design was in place from day one. 

This service uses chat-bot technology, which was developed to help triage any incidents. When we first started out, we were worried that we might not have adequate resources to cope with the quantity of incidents occurring, so the use of this technology helped in addressing this risk. Our chat-bot can ask relevant questions, to help us identify what the incident is in relation to, and which classification it falls into, so that we can react accordingly. If an incident could cause harm to an individual, it is quickly escalated through to a volunteer or manager, to ensure it is handled appropriately. In other cases, when the incident can be resolved through following a set of step-by-step instructions, we provide the individuals with an appropriate guide, so that they are able to help themselves. Our volunteers use their own systems to access the cloud environment, but we train them thoroughly as part of the on-boarding process. Additionally, all our volunteers have anti malware solutions in place, to protect their systems, and are able to accurately identify phishing emails.

There are still many charities that are not able to employ a Chief Information Security Officer (CISO) and have yet to act and seek external help to mitigate the risks posed by cyberattacks. Even for those who have received external help with their cyber security, it is still crucial for them to stay on top of the evolving threat landscape. Accepting advice and guidance is important in preventing the damaging effects of cybercrime.

At Exponential-e, we welcome the opportunity to help any charity needing assistance with cyber security questions or solutions. Our Cyber Security team exists to support and educate our customers, especially those who are in the vulnerable position of knowing that cyber security is a threat, but are less aware of the solutions required to protect their organisations against it. We are consistently on hand when required, to supply knowledge and give support to our customers, all whilst maintaining and renewing our own knowledge base, to remain up-to-date with current threats in the industry and how best to mitigate against them. We abide by integrity, reliability and perseverance, in order to provide the best cyber security solutions for our customers' individual requirements.

We are currently hosting a series of webinars around different areas of cyber security, click here for more details.

Always be suspicious of links

Cyber-crime is constantly evolving and shows no signs of slowing down during our current pandemic, which means we must all stay vigilant and exercise caution before clicking on any links we receive. Even if a link is from a legitimate-looking email address, check before clicking on it, as you can hover over it with your cursor to view the URL. If you have any concerns, alert your security team. In particular, watch out for 'working from home' scams, where fake websites offer 'home testing' kits or – in certain cases – cures for COVID-19. Avoid these at all costs, in order to keep both your personal bank account and your organisation's network secure.

Stay smart when sharing documents

When connecting to your company network from home, it's important that you ensure all the same security measures that would be utilised in the office are still in place, with all communications properly encrypted. Your IT team should always have an established set of procedures and tools for securely sharing documents – especially those that contain sensitive data – so be sure to revise this if you haven't already and avoid using any third-party platforms for this purpose. 

Lock your device!

Most professionals are already familiar with best practice whenever it comes to leaving devices unattended in the workplace, and in our current lockdown, it's unlikely any of us will accidentally leave work devices on public transport. But it's' essential that we do not let those practices slip while we're working from home. We've all heard funny stories in the news about when children get access to their parents' phones, but when our devices are connected to our business networks, it's important that they're 100% inaccessible to everyone except us. Even something as simple as a family member clicking on an unsecure website could lead to a costly security breach.

A secure VPN

Virtual Private Networks have long been the benchmark solution for remote working, but with the spread of COVID-19, we are seeing companies moving from maintaining a few VPN licenses for specific instances to deploying them for their whole workforce. However, there's a good reason for this – if implemented correctly, it maximises security by encrypting all data you send through your company network. While you may require a cloud-based solution for specific applications, a quality VPN is an intelligent foundation for your day-to-day work.

A password manager

It's no secret that reusing passwords across different platforms presents a great risk of cyber criminals accessing corporate systems through guesswork. Nonetheless, it's still tempting for employees to do so due to the difficulty in keeping track of large numbers of unique passwords, especially when they need to be regularly updated, in line with internal security protocols. Fortunately, a password manager tool which integrates with your web browser makes it easy to keep your passwords secure, while still ensuring they are available when you need them. Ask your IT team if they recommend a specific one.

Automated backups

External backups are a key part of any effective business continuity and disaster recovery strategy, which should still be the case when you're working from home rather than the office. Your company is likely to have a system in place for this, particularly if you have already adopted a cloud-based strategy, so ensure you follow all guidelines when you begin remote working.

The right WFH solution

One of the biggest obstacles to remote working in the past has been the need to maintain continuity with existing business processes and systems, ensuring work can be conducted as normal, without compromising either security or efficiency. Fortunately, there are several ways of doing this, but it's important to be conscious of security when using such solutions, and always use the one recommended by your IT team. A proven, trusted platform like Exponential-e's Working from Home solution is ideal, allowing teams to continue using your company's preferred tools as normal, regardless of where they are logging on from. This will ensure a smooth transition to remote working for the entire workforce.

Two-factor or multi-factor authentication

Related to the above, two-factor or multi-factor authentication provides an extra level of peace of mind, by creating an extra obstacle for cyber criminals, even if one of your passwords is compromised. As password theft measures have become increasingly sophisticated over the years, this is no longer a 'nice to have' measure - it should be a standard part of your remote working systems and wider security policies.

Effective anti-virus protection

Viruses continue to evolve on a near-daily basis, and which means a robust anti-virus solution should still be your first line of defence and may even give you time to secure your infrastructure in the event of a password being compromised. Make sure an industry-standard solution is installed on all your devices and enable automatic updates.

Be prepared

If you're new to remote working, don't go in blind. Take the time to re-familiarise yourself with your company's security policies (particularly any new ones for home workers) and be sure to attend any training sessions that are on offer (as many organisations are rolling out remote training sessions for home workers, there are no excuses!). This will make the transition far smoother and allow you to stay focused on your work.

Secure your router

At Exponential-e, we always say that 'your Cloud is only as good as your network'. In the same way, your remote working solution is only as good as your router. As above, make sure its password is secure (especially if you've never changed its pre-set password!) and take any recommended security measures, both from your network provider and your IT team.

Check your passwords

This is a familiar refrain in the world of data security, but it always bears repeating. Familiarise yourself with current best practice regarding password creation (there are plenty of useful resources available online for this) and avoid reusing passwords. While memorising multiple passwords for each platform you use for work is certainly inconvenient, there are many excellent password manager tools available. Ask your IT team which one they would recommend, as your company may already require employees to use a specific one.

Enable updates

We all know how irritating requests to install updates on our personal devices can be, but in our current climate, it's more important than ever. More than just keeping your own devices secure, a single instance of malware could bring down your entire company network, so don't take any chances. Ensure you install all recommended updates, or – better yet – enable automatic updates. This will ensure your devices are always protected against the latest security threats. 

1. Do have a good working environment

Sitting up in bed or on the sofa sounds nice, but your back won't thank you as the day goes on. You should try to create a suitable working environment where you can sit up properly and have your laptop at the correct working height. Whether it's sat at the kitchen table or in your study, try and create an area clear of clutter. Why not try re-arranging some of your house plants to make your 'office' more inviting?

2. Do make healthy choices  

Stay hydrated - drink water and don't overdo it on the caffeine! Why not keep some fruit or healthy snacks nearby to reduce the temptation of biscuits, chocolates and crisps?  You'll thank yourself for it at the end of the day!

3. Do use video, it's good for all parties

Much of communication is non-verbal. Seeing your colleagues, clients or suppliers on video encourages interaction and engagement. But don't forget, everybody else can see you – make sure you're dressed appropriately and you've not just got out of the shower!

4. Do remember you can blur your background when on video calls

Using Microsoft Teams? You can blur your background on video calls, meaning that the pile of your kids' toys in the corner won't be visible. Handy right!? If you're using Zoom, there is a great feature that allows you to create a 'virtual background' – video call while on the moon, anyone?

5. Do remain focused and productive

Don't be tempted to start that new season on Netflix; plan your activities for the day in small sprints with what you want to achieve and deliver on it. This will help get you into a working rhythm and give you a sense of achievement.

6. Do schedule in 'virtual coffee breaks'

Why not schedule 20 minutes in the morning and afternoon to have a short social period with your team? You can all jump on a video call while you recharge your batteries with caffeine and talk about anything but work. Being able to keep some of the social side has a lot of benefits for all involved.

7. Do stay active and get away from your laptop

It's important that you look after your physical and mental health while working from home. Take the dog for a walk, or go for a run, at lunch. Take some scheduled breaks to do something different to help stay active and let your mind reset.

8. Do have some background noise if it helps you focus

If you're the sort of person that finds sitting in silence mind-numbingly boring, why not turn on the radio? Keep the volume low so you can still focus on your tasks and not get distracted. Just like in the office, if you find yourself drifting away from work due to the noise, make sure you refocus yourself.

9. Do have a routine

It's easy to slip into a 'lazy' way of working, potentially even be tempted to stay in your dressing gown all day, but it's important to still have a routine and set your mind up for the day. Try to keep the routine you had when going into the office - wake up, shower, have breakfast - you'll feel far more ready to tackle the day ahead.

And finally, the one that many people dread…

10. Don't worry about the kids/pets coming into the room

Cat jumped up on your keyboard? Your kid asking if they can have some crisps? We're all human and these things happen. Embrace them if they happen to you, and help others feel comfortable when it happens to them - everybody understands the situation that we find ourselves in. We'll all have stories to tell about 'those' moments in the coming weeks!