Security in Home Office and Remote Working Arrangements with best practices
The shift towards a remote workforce has brought a wide range of challenges, including cybersecurity.
Workers in a variety of industries are learning to use different technologies to carry out their work responsibilities.
From video conferencing to file-sharing solutions, millions of employees rely on technology. Unfortunately, not all businesses are equipped to deal with the increased security risks of remote working arrangements.
What Are the Risks of Home Office and Remote Working?
We have found that the biggest threats to the security of company data include:
- Unsecure WiFi networks
- Unsecure mobile devices
- Sharing computers or devices
- Email phishing attacks
- Weakened security controls
Here is a closer look at each of these threats and potential solutions for addressing at least some of them:
Unsecure Networks and Devices
Instead of using devices connected to a secure intranet monitored by your IT department, remote workers typically need to connect to their home WiFi networks. The connection is only as secure as the worker’s home network.
Studies also show that about 61% of remote workers have used public WiFi networks to work remotely. Connecting to the WiFi network at a coffee shop or restaurant increases the risk of hacks and data theft. Remote workers may also share their computers or devices with family, friends, or roommates. If the device contains sensitive client data, it should only be used by authorized employees.
Phishing Attacks from Email Scams
Phishing remains a major threat to any business even without remote workers. However, working from home increases the risk of phishing attacks.
About 90% of all cyberattacks are phishing attacks and email is the primary method for tricking users into providing sensitive information.
Weakened Security Controls
A lack of control over security measures is one of the biggest threats to a remote workforce. When your employees work from home, your IT security team has less control over the software and firewalls used to secure data.
You may also need to rely on new technologies, which your IT team may not be able to secure. For example, your business may implement new file-sharing services, creating another vulnerability for your IT staff to deal with.
These are just a few of the risks related to remote working arrangements and home offices. Every point of contact, such as a VPN server or cloud-based storage solution, creates an access point for hackers to reach your data.
Below you can find some general security tips for safe home office working environment:
Secure your Wi-Fi
Sometimes standard Wi-Fi password algorithms are hacked or exposed. Make sure to use strong and unique passwords for your wireless networks at home. The best option is to use wired connection instead. Also try to separate your network from other family members, guests and anybody who could have access to the same network. The best way is to set up a guest Wi-Fi network for any purposes which are not work related.
Implement multifactor authentication and use strong passwords
Multifactor authentication is one of the easiest ways to secure your online accounts while for single password authentication it's recommended to use very strong or randomly generated passwords. You should also keep in mind that these passwords should be stored securely. So do NOT write them on a paper or take photos of them! You should always use a trustworthy password manager instead.
Encrypt your emails with customer IP and sensitive information
You might share a network from home, you may not know exactly the type of network you are using. Encrypting your email is an easy addition to keep sensitive information to whom it belongs.
Make sure your antivirus software is up to date
Antivirus companies quickly react to new exposures and upcoming threats. This is what you are paying for, make sure to apply. In the meantime you should also keep in mind that no antivirus is as fast as some of the bad guys. So make sure that you keep EVERYTHING updated. It is much harder for the hackers to find a 0-day vulnerability (one that no one else knows about yet) than to exploit some of the already existing ones.
Separate your work devices from the personal
You are probably using the same networks and peripherals working from home. Do not use your personal tech for work, unless you know what you're doing, but stick to the hardware your employer provided.
Follow the company policies
This one rule might seem arbitrary to follow, however people tend to find work-arounds in day-to-day life. Working according to the policies can save a lot of headache if or when something goes south.
Always! use the company’s cloud / enterprise storage solution
If you have to store data on the hardware too, it is recommended to encrypt the drive as well. Encrypt everything :)
As always, lock your computer when you leave.
You don’t know what ninja cats are capable of, do you? :)
If you want to protect data from hackers, you need to address every layer of security from the infrastructure at your offices to the devices that your employees use. You should also never forget that most of the times the weakest link is the human, so NEVER click on untrusted links, DO NOT download anything suspicious, DO NOT insert a found or received CD, DVD, pendrive, etc. to your computer and DO NOT leave your computer unattended for any minute when you are in public. Why? Because physical access most often means the greatest opportunity to get full access to a computer, which includes having full access to stored sessions and passwords instantly and has the danger that an attacker could get access to all of your passwords (and data) via monitoring tools later.