Work from Home Guide: How to Reduce Security Risks for Your Remote Workers

In 2017, 3.7 million U.S. employees (making up 2.8% of the entire U.S. workforce) worked from home for at least half the time. Today, more companies than ever are offering the option to work from home — or even requiring it in an effort to ensure business continuity and to keep their workforce healthy. Managers and leaders from all sorts of companies are seeing the benefits of allowing remote work for their companies: a larger pool of talent for roles when hiring, reduced commuting time for employees, more autonomy for workers and even increased productivity. However, they are also thinking about the challenges and risks that come with allowing their employees to work from home.

The main cause of data breaches has traditionally been employee negligence, with studies showing 20 percent of data breaches in 2019 were caused by employees. With work-from-home procedures in place, organizations could face an increase in attacks that could lead to data breaches. It’s vital that both employees and organizations take proper precautions to limit this risk and monitor, react and contain any sign of intrusion within corporate networks and compromise of employee endpoints. We will break down the risks of remote working and explain what you can do to ensure your employees are doing their due diligence.

What are the Risks of Remote Work?

When asking employees to work from home, some companies may face operational risks such as not being able to support a large number of simultaneous VPN connections to their infrastructure and services. This can be annoying for employees that need access to internal resources and may even place additional strain on IT teams if they’re not properly prepared.

While this is not a security risk per se, it can disrupt work and cause unnecessary stress for an IT department that’s already overworked and overburdened trying to fix the issue on-the-go. There’s also the risk of not properly implementing access, authorization and authentication policies which may result in employees accessing resources that they shouldn’t.

To minimize the risk of unsanctioned remote access to its infrastructure, IT and security teams should make it clear which VPN clients, services and applications are supported by the organization. Any attempt to access internal infrastructure with unsanctioned tools should be treated as a network security risk and blocked immediately.

Since some organizations have a strict IT policy for centrally managing and deploying software and security updates to endpoints, gradual rollout procedures should be devised for deploying those updates. Delivering them all at once to VPN-connected employees could create bandwidth congestion and affect inbound and outbound traffic. Last but not least, enabling disk encryption for all endpoints should be a priority as it minimizes the risk of having sensitive data accessed or compromised due to device theft.

Security Guidelines to Enforce Working From Home

In order to get the “best of both worlds” by allowing employees to work remotely but also to reduce the mentioned risks, let us look at what can be done to mitigate those risks:

 

1. Web Security Protection

Organizations should consider deploying security solutions that feature strong web security protection on employee endpoints and technologies capable of preventing network vulnerabilities from exploitation. Phishing scams and fraudulent website creation have soared in an attempt to capitalize on employee curiosity and negligence. That’s why organizations need strong anti-phishing and network attack defense technologies that can accurately detect and block such threats from preying on employees who work from home.

 

2. Work from Home Policy

Having a defined “Remote,” “Work From Home” or “Teleworking” policy is a must if your company plans on permitting staff to work from locations outside of the office. This can help reduce the inherent risks of working remotely by establishing a set of procedures that employees must follow in order to work from home. This policy should include additional information security policies to outline all employees’ responsibilities when it comes to the InfoSec program.

Some examples of procedures that need to be included in your remote working policy include:

  • Process for approving remote workers
  • Defined responsibilities for employees
  • Outline what users must do to secure their remote workspaces
  • Outline workstation or device hardening steps (this can be a separate policy or reference another policy)
  • Ensure encryption is used for all data that is stored and in transit
  • Mandate use of a VPN for remote workers
  • Outline the procedure for reporting an incident should one occur

While having a policy will help reduce the risks, the policy also needs to remain up-to-date and should have input from your Information Technology team or an information security expert when being created or updated. Any policy involving information technology or data privacy should also involve someone who understands the subject matter. Again, information security policies are NOT static documents. As threats change and new technologies emerge, the policies need to be updated to remain current.

 

3. Offering the Right Tools

Having a policy in place will let employees know what they need to do and how to do it, but providing them with the right tools will also reduce the risks of working remotely. Depending on the company and the role of their employees, these tools may vary. The following are examples of some tools that we have seen referenced in Remote Working policies:

  • VPN will ensure that network traffic is encrypted, even on a public network like at a coffee shop. This is also recommended in a home office if the home network is shared with others (family, friends, guests).
  • Built-in Encryption by Apple (FileVault) and Microsoft (BitLocker) makes it much more difficult for data to be pulled off the device should the hard drive be lost or the device stolen.
  • Password Managers will help users store their passwords and generate secure ones. They help reduce the risk of employees using the same password for all services.
  • Built-in Firewalls from Apple and Microsoft can be enabled on any of their devices. This is great to prevent inbound or outbound requests that could be malicious.
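
A policy that mandates disk encryption and the built-in firewall is only useful if IT can verify both on each endpoint. The sketch below is an added example, not part of the original article: it parses the output of the operating system's own status commands. It assumes English-locale output and `C:` as the system drive, and the function names are hypothetical.

```python
import platform
import re
import subprocess

# OS-supplied status commands. Parsing assumes English-locale output
# (netsh and manage-bde text is localized) and C: as the system drive.
COMMANDS = {
    "Darwin": {"disk": ["fdesetup", "status"],
               "firewall": ["/usr/libexec/ApplicationFirewall/socketfilterfw", "--getglobalstate"]},
    "Windows": {"disk": ["manage-bde", "-status", "C:"],  # needs elevation
                "firewall": ["netsh", "advfirewall", "show", "allprofiles", "state"]},
}

def disk_encrypted(system, text):
    if system == "Darwin":
        return "FileVault is On" in text
    # BitLocker: fully encrypted AND protection on. Suspended protection
    # leaves the volume key readable, so "encrypted" alone is not enough.
    return bool(re.search(r"Conversion Status:\s+Fully Encrypted", text)
                and re.search(r"Protection Status:\s+Protection On", text))

def firewall_enabled(system, text):
    if system == "Darwin":
        m = re.search(r"State = (\d)", text)
        return bool(m) and m.group(1) != "0"
    # Windows prints one State line per profile; every profile must be ON.
    states = re.findall(r"^State\s+(\w+)\s*$", text, re.MULTILINE)
    return bool(states) and all(s.upper() == "ON" for s in states)

def evaluate(system, outputs):
    """Return the names of failed checks; missing output fails closed."""
    checks = {"disk": disk_encrypted, "firewall": firewall_enabled}
    return [name for name, check in checks.items()
            if not check(system, outputs.get(name, ""))]

def collect(system):
    """Run this platform's commands; a missing or hung command yields ''."""
    out = {}
    for name, cmd in COMMANDS.get(system, {}).items():
        try:
            out[name] = subprocess.run(cmd, capture_output=True, text=True, timeout=30).stdout
        except (OSError, subprocess.TimeoutExpired):
            out[name] = ""
    return out

if __name__ == "__main__":
    failed = evaluate(platform.system(), collect(platform.system()))
    print("non-compliant: " + ", ".join(failed) if failed else "compliant")
```

A check that cannot be confirmed is reported as failed, so an endpoint is never marked compliant because a command was missing or returned nothing.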

 

4. Training and Best Practices

Having a policy and supporting it with the right tools is important, but educating and training employees on best practices will help to explain and outline why they need to follow the policy and use the tools. Many companies offer some form of Security Awareness Training. However, this training is usually done only once a year and can quickly become outdated. Consider having monthly or quarterly training sessions to keep your employees informed and educated on threats and their responsibilities when it comes to your company’s information security program and working remotely.

Employees working from home must be provided with basic security advice: to beware of phishing emails, to avoid use of public Wi-Fi, to ensure home Wi-Fi routers are sufficiently secured and to verify the security of the devices that they use to get work done. It is likely that attempts to subvert security using phishing attacks will increase at this time.

Employees should be reminded to avoid clicking links in emails from people they do not know, and installation of third-party apps should be confined to bona fide app stores, even on personal devices. Along with basic security guidance, employees need to know who to contact in the event they detect a security threat.

Remote working can be of great advantage for your company and employees but there are risks. In order to ensure the security of your company, its data, and that of your employees, you need to lay a solid foundation. It should include web security protection, a working from home policy (supplemented by additional information security policies), tools to protect your employees and training to ensure they understand their responsibilities.

If you’re unsure of where to begin, consider the advice of our Security experts. When you partner with SoftwareONE, you’ll know exactly where your risks are and how to protect your assets. We’ll work with you to stay ahead of potential threats so you can tailor your work-from-home strategy to your specific business needs and better articulate to your team members what exactly needs to happen moving forward.

Author

Bala Sethunathan

Director, Security Practice & CISO

Software Portfolio Management
