6 tips for working from home securely
With so many working remotely, cybersafety becomes a paramount concern for businesses and their employees.
Modern technology makes it relatively easy for many people to work from home, but doing it securely takes some thought and careful planning. Home environments are full of distractions. Some folks struggle to maintain the same mindset they carry at the office. The use of personal devices and unsecured networks also presents potential dangers.
It’s vital to set out some rules and get the right infrastructure in place to ensure that security standards are upheld. These tips will highlight areas that need to be addressed in considering how best to work from home securely.
1. Create a safe space
A distinct workspace in the home that’s clearly delineated is ideal but may prove impossible for some people. Privacy should be upheld. People shouldn’t step away from computers and leave them unsecured with partners, children or roommates in the house. Any devices used for work should be password protected or biometrically secured and locked when workers are away from them.
The divide between work and home must be maintained, even when working at home. This helps prevent any accidental disclosure or leaking of sensitive data, but just as importantly, it helps employees to keep work life and home life separate.
2. Establish barriers between work and home devices
Wherever possible, people should keep a distinct set of devices they use for work and a separate group of personal devices. Ideally, any device that’s used during personal time for browsing, shopping, playing games, messaging and social media should not be used for work. Where employees have specific work devices it should be relatively simple to maintain this demarcation. IT departments can configure the network to only accept connections from specific machines and ban the installation of any unauthorized apps.
Where employees have no choice but to use the same device for work and play, security teams must investigate how to establish a resilient boundary. This may mean disabling certain functions of the host machine when secure connections are established to prevent it from being able to screenshot sensitive data, for example. Blocking the ability to copy data from the company network to a host machine and vice versa, is vital in stopping data exfiltration or the upload of malware onto your network.
3. Use a secure VPN and virtualization
The most basic requirement for a distributed workforce is a reliable VPN (virtual private network) service that offers solid encryption. This allows you to create a secure tunnel between the company network and remote devices. Most companies will want to go further and employ virtual desktops that offer a window onto systems back in the office.
A correctly configured virtual system will limit data exchange to a bare minimum. Individual sessions will be fully logged, and remote logins should necessitate multifactor authentication. Homeworkers should also ensure that Wi-Fi networks are secured, and router access is password protected with a fresh password, not the default it shipped with.
4. Reinforce security policies
Keeping good security practices at the forefront of employee minds is crucial, particularly when they are surrounded by distractions. Deliveries, children, pets and neighbors can impact employee focus and make them more susceptible to social engineering and phishing attempts and business email compromise fraud. Continue security awareness training and remind your employees to be skeptical of urgent financial requests or emails that purport to contain vital information.
Reinforce your security policies, test your employees and circulate advice on known scams. Make sure there’s a line of communication, so people can get advice when they need it. Maintain the protocols that secure company data and reiterate them to your workforce. Warn employees about oversharing on social media. Where necessary, you may want to update security policies to specifically address expectations when working from home and to include new technologies being used, such a video conferencing.
5. Consider software updates
For people working remotely for a prolonged period, security updates for software are going to be required. Establish a secure line of communication with IT staff. Make provision for remote installation and maintenance. The IT department should handle software updates remotely, but establish a protocol for this, to eliminate the risk of a bad actor posing as IT staff.
6. Put a backup plan in place
Secure cloud backups are crucial for home workers. With virtual machines, you can maintain your usual backup systems on your office network. Otherwise, you’ll need to put a regular, secure backup process in place. You should also devise a recovery plan to cover the risk that a remote worker’s system is compromised or damaged. The faster they can restore a backup, the sooner they can get back to work.
Make sure all your policies for secure home working are accessible. Finally, be crystal clear about who employees should contact if they have concerns or require clarification.
Stu Sjouwerman is the founder and CEO of KnowBe4, developer of security awareness training and simulated phishing platforms, with over 30,000 customers and more than 20 million users. He was co-founder of Sunbelt Software, a multiple award-winning anti-malware software company, and is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.” Contact him at stus@knowbe4.com.
Related: