Homeworking before the recent events of 2020 was deemed as nice to have and a lot of businesses thought that they were not able to support working from home. A lot has changed; however, businesses have had to transition to a new model of working quickly or face the threat of not being able to work and going under.
One of the downsides of this quick transition is that security of information and systems have taken a back seat, people are now homeworking (possibly for the long term) and security has not been thought about until now. Businesses need to ensure that they still protect and implement the same security measures as they would if working within the office.
Whilst the first few weeks of lockdown within the UK were a mad panic for businesses and their IT departments, in the grand scheme of things getting staff to work remotely was relatively pain-free for the majority. Now, however, simple protections such as antivirus software and patching is now being forgotten about or have new challenges as what was centrally managed may no longer find machines that aren’t connected to central business systems via VPN (Virtual Private Networks).
The Cybersecurity Association has found that around 9% of employees have checked to make sure that their antivirus software is updated and that around 18% of staff were working from unprotected devices. If you take this with other threats, such as phishing and less technical communication with staff, this can increase the chances of damage to information or systems.
There are, however, some best practices that you can implement to ensure that the risks are reduced for any compromise as well as helping your homeworkers work from home safely and securely.
Making sure that your passwords are unique across all sites and where possible utilize two-factor authentication, sometimes known as multi-factor authentication. This will help reduce any chances of compromise, should the worst happen, if a password is compromised, it will only affect that one site, allowing the user to quickly change the details and move on. To help check to see if your passwords have been compromised, you can check at: https://haveibeenpwned.com/
One area that should be thought about for home users, is the IoT device, or smart devices, such as Amazon Alexa, Google Home etc. You should ensure that none of these devices is connected to a work network, where possible separate out the devices from your home network devices and the office network. If you have CCTV in and around your home, for personal protection, be careful about recording business-related information, it may be confidential.
If you haven’t already, you should ensure that, if you are unable to centrally manage and update your home users machines, you should ensure that home users are told and shown how to update their computers. They should be informed that the machines should be updated regularly when prompted.
If you can you should look at investing in and using VPN software to create an always-on connection to the office network, this ensures that any information is kept and stored on business systems, this reduces the chances of information being left on home machines or being lost due to not being backed up.
If home users are using their own computers for business use, you should ensure and inform staff members that they should be careful with what applications they have installed, what they are installing and how the information is backed up. Where possible you should ensure that home users only use business-related machines and separate out home and business at all times.