Skip to content

What is it? 

Since the pandemic started, working from home has become a major part of working life. Even when the pandemic recedes, it is predicted that many organisations will still employ working from home practices into the near future and beyond. 

While working from home is convenient and has many benefits, it also exposes individuals and organisations to a vast array of cyber security threats. Considering the risks posed, it is advised that organisations adhere to the best possible practices to mitigate the most common threats. 

This scenario is split up into three injects with each inject containing multiple discussion points. This will allow organisations to review and refine their standard practices when working from home. 

The aims of this scenario are as follows:   

  • Understand the controls that your organisation currently has in place to support home and remote working. 
  • Understand how collaboration services are managed and controlled by your organisation. 
  • Think about acceptable discussions or information that can be shared using collaboration platforms. 
  • Determine if effective monitoring measures are in place. 
  • Explore how your organisation detects and handles a security incident that has originated from a remote workstation. 

Why do it? 

It is vital to understand both the benefits and the additional cyber security risks that home and remote working can bring to an organisation. If there is an urgent requirement to stand up home and/or remote working, then there is the potential that your organisation’s IT services will be accessible to people other than your remote workforce. Additionally, sudden requirements and demand on infrastructure could increase your organisation’s attack surface, providing attackers with more potential avenues to exploit. 

It is important for organisations to conduct cyber exercising to enable them to prepare for a potential cyber-attack within their business and mitigate that threat as much as possible. Additionally, please remember that Exercise in a Box is a safe environment for every participant so please do not feel like you cannot say anything. 

There have been many attacks utilised by hackers over the course of the pandemic. The attack vectors include: 

  • Cyber Fraud 
  • Insider Threats 
  • Scams (Phishing, Vishing) 

The Scottish Business resilience Centre have compiled important data and produced a small information pack regarding working from home (The Impact of COVID19). It can be found here: 03.-Home-Working-Threat-COVID.pdf (

Some of the benefits and key takeaways of cyber exercising include:  

  • Understanding actual versus perceived capabilities of people and technology.  
  • Figuring out where to invest budgets in training or new technology.  
  • Building muscle memory and reducing stress for security teams and management.  
  • Improving morale and team building.  
  • Meeting regulatory requirements. 

Who is it for? 

Exercise in a Box is aimed at any organisation, big or small, that are aiming to increase their cyber knowledge and perception. Working from home and its possible implications affect every organisation in some shape or form. It is advised that businesses bring a diverse team with them and not just the IT department. This will ensure that more of the company is educated and not just a small part of it. 

The current dates are as followed: 

  • Thu, 22 Jul 09:30 BST 

You can sign your organisation up here: Scottish Business Resilience Centre Events | Eventbrite