As we continue to work from home due to COVID-19 and a shift in our working practises and business models brought on by the pandemic, we need to consider that we are moving our business activities into potential hostile environments outside the safe confines of our office security systems.
Out of a need to move quickly we have all been learning how to connect remotely from our personal devices and how to continue business within our new work environment. But, what may have be left out of your considerations is how secure is this new work environment. Also, how many new work environments does my business now have which I currently have little or no control over? Each employee working from home will have their own unique setup within their household for their own personal IT. What we need to consider is this: was this setup with business in mind?
The answer will likely be no as before now, unless they worked from home as part of their contract, the most they might have done remotely is to check emails on their home network via webmail or on their phone. What their home setup will predominately be catering for is their personal use: entertainment, children, life admin! The security setup will depend on their personal interest in IT and their appetite for risk. If they are a security conscious individual concerned with internet safety they may have anti-virus software on personal laptops and have changed the default password on their router (if they know how to do this). However, they could also have no software and have left the default password on their router as supplied from the manufacturer resulting in every hacker in the world knowing the password for their router in fact a 10 second internet search will likely provide the password to anyone that wants it.
This is where our term “hostile environment” comes into play. When you ask employees to work from home, whether using company issued devices or not, you are introducing a new network into your business network parameters. This means to ensure your network security is comprehensive you need to consider each employee who works from home as a satellite office and part of your overall IT network. Ask the questions would you allow your employee to take commercially sensitive files out of the office and leave them in an unlocked home overnight? This is effectively what you maybe doing with your electronic files.
Now we’re not trying to panic anyone and we’re not saying that you need to stop people working from home, quite the opposite! Working from home has been vital for many businesses during COVID-19 and will probably continue with many workers afterwards. Here at MJD we’ve been working hard with our clients to set everyone up with safe and secure work from home solutions to allow them to protect their workforce and their business as best they can from the effects of the pandemic. What we want is to increase the awareness of the security risks posed from the work from home movement and highlight that there are some key tools to implement to increase your opportunities and decrease your threats because of working from home.
In fact have you considered the fact that your employee could be in the kitchen making a cup of tea while other members of the family may have access to the computer and ultimately your valuable business information and whilst not being malicious children can be very inquisitive and can cause a lot of damage deleting things in the 5 minutes that the pc is unsupervised?
First and foremost, if your employee is working from home using a personal device it is highly recommended to make sure you have a Bring Your Own Device policy in place and that a stipulation of this is that a company approved anti-virus and anti-malware software is installed. The National Cyber Security Centre have a fantastic advice document on their website on Bring Your Own Device policies which can be found here.
The team here at MJD can help you to implement such a policy and we can recommend suitable Remote Access software to help you manage this policy for mobile devices, laptops and PCs.
An IT policy should also be implemented alongside your BYOD policy, which we recently wrote a blog article on and can be read here. This will help to protect the business should any IT hardware or services provide by the business to your employees be used outwith the manner agreed to and intended for while in the work from home and office environments.
A password manager should also be utilised to ensure the secure management of company passwords and allow employees to share credentials in a safe and secure method. You can even share read only view permissions between members of your organisation so they can login but not view or edit the password themselves.
We would also recommend the use of Email Encryption for members of your organisation who require to send confidential or sensitive information. This allows you to add a further layer or security on your business communications in these new hostile environments. We recently wrote a blog article on email encryption which you can read here.
This is by no means an exhaustive guide on to how to fully protect your IT network and business in the work from home environment, but is a good starting point to encourage discussion and planning on the area. If you have any questions about your remote setups or would like advice or guidance on improving your work from home security please don’t hesitate to get in touch with the team here at MJD.