The reasons for the huge increase in home working are recognised and well documented. Home working is a necessity for the foreseeable future, and its forced adoption is most likely the precursor to a seismic shift in working practises, away from offices and into the home.
This apparently straight forward relocation of work venue brings with it potentially cataclysmic security issues that were either not considered fully or, worse still, overlooked completely due to the overnight Government edict of lockdown. However, there are a number of protocols that can be quickly implemented which can become the foundations of new homeworking policies for enterprise class businesses.
Security Starts with Connectivity
Connectivity infrastructure, and the sheer speed of broadband has been on the agenda of broadband suppliers for many years, with an almost obsessive chase and race for faster speeds. Whilst commercially driven in an attempt to steal a march on their competitors, the requirements for faster connectivity have also been stimulated by the explosive growth in both technology and uptake of broadband delivered services. From entertainment to the recent high adoption of video conferencing, suppliers have been battling to satiate the consumers ever increasing requirements.
One down side of this speed of creation and adoption of faster broadband speeds has been the lack of detail given to the overall security of the connectivity, leaving many offices and establishments having to source and manage their own security. With the overnight explosion of home working, bringing with it shared broadband connections, shared household routers and multiple user access via a single channel, connectivity security is an often overlooked, yet is a critical area that needs to be addressed as a business priority.
It’s estimated that 32% of UK businesses have been victims of cyber-attacks in the last 12 months. Fast forward to 2020 with the new home working practises and it has been forecast that security vulnerabilities will increase exponentially.
Implementing Secure Remote Connectivity
Any connections made to the company remotely should be carried out via a VPN (Virtual Private Network) which either utilises SSL (Secure Sockets Layer) or IPsec (Internet Protocol Security) to encrypt communications from the remote worker’s machine. This both safeguards the end user and their system, along with the corporate environment, to ensure access is limited to the two-way communication, with no 3rd party intrusions.
Recently quoted Andy Jordan, the Special Project Lead at Mosaic 451 said “Working remotely itself is not dangerous, it is the lack of policy and technical controls enforced by an organisation, coupled with the actions of the remote employee that manifest the risks into very real dangers”.
The results of ineffective cyber security hygiene whilst working remotely, or whilst mobile can include anything from highly sensitive data compromises to unauthorised access into the company’s critical infrastructure. Secure communications while working remotely is a combination of technical solutions and controls combined with proper employee operations security (OPSEC).
Data Access Tools
The Enterprise Business environment lends itself very well to levels of data access tool authorisation. Personal tablets and mobile phones would not normally be permitted to access a corporate wireless network for example. The issues surrounding remote workers present a complex issue to solve, particularly in the short term. Asking employees to home work with minimal notice requires the forced use of personal IT equipment and home networks. Short of supplying company IT equipment and a secure wireless network integrated into a VPN, risks have had to be taken.
Home working also raises the question of what are acceptable websites and online tools that can be accessed, and which should be restricted. With family shared routers, connectivity and sometimes IT equipment itself, this can also present both an ethical issue as well as a potential security threat.
Develop and Deliver a Remote Worker Security Policy
Developing a corporate policy around these issues may well be a priority, but delivering the infrastructure and equipment to ensure that the policy can be adhered to will not be an overnight implementation.
There are some fundamentals that can be put into action relatively quickly, that will go some way towards maintaining security whilst home working. Ensuring that staff have a clear definition and understanding between what is company and work data versus personal data for example. Wherever possible, remote workers should use company software, Office 365 being a good example, in order to retain ultimate control over the work, its storage and accessibility.
This may initially present certain challenges should the workforce be working on their own personal equipment but, stored work, for example should reside on company infrastructure, not a personal shared Google drive. This can only be executed once the company have delivered on supplying the correct business accounts for home working employees. Google’s enterprise solutions offer the opportunity to lock or delete any sensitive data should there be suspicion of a security breach. It may be prudent also to invest in password manager software to ensure that another line of defence is implemented to cover work related documents and software access.
As with many enterprise class business solutions, having a clear protocol that is delivered effectively to all relevant staff, with advice and training given, will go a long way towards increased security protocols and minimising security breaches. Forgetting to lock a computer when on a coffee break when working remotely may seem obvious, but unless discussed, documented and a protocol adhered to, may well be an easily replicated issue with a high volume of staff working remotely.
Connectivity and data access devices are at the very sharp end of remote worker security. In our next article we will look at working practises that manage and enhance day to day security whilst working remotely.
With the forthcoming months bringing uncertainty around your organisations IT requirements, home working, office closures and office relocation’s, tier1 are here to help and we are offering new services to ensure that you can plan and prepare, for all eventualities.
Contact us today on 0161 777 1000 or visit https://tier1.com to find out more.