CYBER ESSENTIALS MYTHCONCEPTION 3: Home Networks on Scope
This post in our series on Cyber Essentials "Mythconceptions", tackles the myth:
"The home networks and routers of WFM employees are in scope and need to be inventoried and compliant."
While this used to be true for a short time, the NCSC rolled back this requirement. The only home networking devices, like routers, that are in scope are the devices that have been supplied by the organisation. This is because the organisation has control over the device and can apply the required controls. Routers or other home networking devices supplied by the home worker, or their ISP are, by default, out of scope.
Many people have already heard of this change, but we have talked to some who have not. This change in requirements should make WFH compliance much smoother.
Barrier's "Securely Compliant Tips" for in-scope home networks
The following tips are offered as inspiration to help you devise a strategy for WFH workers in your organisation for compliance and beyond:
Help your home workers work safely and securely by providing training and guidance on how to secure their personal routers and home networks.
Use Zero Trust approaches and tools to provide technical assurance that remote workers are secure even when connecting from untrusted environments. Endpoint agents installed on WFH devices can provide assurance, compliance, and governance even when these devices are outside of your normal sphere of control.
For any questions, contact IASME: https://iasme.co.uk/contact-us for official Cyber Essentials queries,
or Barrier Networks: https://www.barriernetworks.com/contact-us to schedule a Cyber Essentials assessment or help with anything from the Tips.