Working from home: How to keep your data safe
Individuals and companies need to be vigilant while staff are working remotely
Remote working requires good password hygiene with frequent updates. Consider extra authentication. Photograph: iStock
Technology is the great enabler allowing large numbers of people to work from home during the coronavirus pandemic. At one level, it’s the lifeline that will help to keep the wheels of commerce turning.
At another, it’s an opportunity for those with evil intent to expose shortcomings in individual behaviour and vulnerabilities in organisations’ IT systems.
The would-be hackers are out in force, sending virus-related phishing mails – including some very official looking ones purporting to come from the WHO. The potential worry for organisations is that a less savvy employee working from home clicks on one of these spurious emails and creates a security breach.
Working from home has many advantages, but it also requires vigilance around device safety. Companies need to ensure that their data is protected and resilient outside the security of the workplace.
“One of the biggest potential threats comes from the fact that people tend to act differently when they’re working from home,” says Stephen Bowes, head of technology at BSI Cybersecurity and Information Resilience.. “They’re not in the same corporate mindset, they’re more relaxed and operating outside the security protocols normally taken for granted.”
It may sound obvious, but people need to be vigilant around protecting passwords and it would be no harm to look at multi-factor authentication
Bowes says that, at work, everyone is pulling together towards the same goal so, while leaving a laptop unattended with sensitive information displayed on the screen may not be sensible, it will more than likely be ignored by one’s colleagues. Working outside the office, however, that may no longer be the case. Bowes’ advice is to lock the screen or close everything down if you’re taking a break especially if there are nosey people around and to exercise similar caution with sensitive paper documents.
People need to be aware of the physical safety of their devices especially if they’re not used to carrying a laptop around. It’s all too easy to leave it behind somewhere,” he says. “Don’t leave laptops or other devices in vulnerable positions beside an open window or door and don’t leave them on the seat of your car if it’s unattended while you go into a shop or to get petrol.”
Asked what steps companies should be taking to protect their data and their systems, Bowes gives software patching as an example.
“Software patches usually happen automatically when someone is connected to the company’s network,” he says. “But if they’re working remotely this may no longer be the case and hackers are always on the look out for unpatched software. IT teams need to be proactive in managing this,” he says.
“It may sound obvious, but people need to be vigilant around protecting passwords and it would be no harm to look at multi-factor authentication. Whatever you can do to increase the security level such as adding biometrics, should be encouraged.”
Bowers says the single biggest thing organisations can do to protect themselves is to encrypt their data. He also advises people to think about how backup is managed and what happens if someone’s laptop dies and there’s no IT department to swoop in to help.
“Our main advice to people working from home is to behave as you would in the office. Follow the same procedures such as not opening or clicking on anything that looks dodgy and report it to the IT department. Exercise a zero trust methodology,” he says.
With everyone now aware of the need for rigorous hand hygiene, Bowers has one last piece of advice. “Clean devices and keyboards with products meant for computers not with domestic cleaners to avoid damaging the hardware,” he says.
Keeping data safe while working from home
Tips from Stephen Bowes, head of technology at BSI Cybersecurity and Information Resilience.
Home Network: review employee wi-fi network to ensure wi-fi password security is set to WPA2 or higher, that it uses a complex password and is of sufficient speed and quality.
Physical security: consider employee awareness training around the security of devices outside the workplace. Think about asset loss protection, geo-location capabilities and remote wiping functionality to be implemented on devices as well as the use of privacy screens.
Encryption: This includes device disk encryption to protect data and a VPN (Virtual Private Network) to allow remote connection to the company’s network securely. Other considerations are email encryption and secure file transfer facilities.
Policy management: adopt a cloud-based management platform to ensure reporting, security, data protection and other related policies can be maintained to minimise disruption.
Cyber attackers and ransomware: take the same precautions as in the workplace and flag any suspicious emails or attempted suspicious contacts.
Password hygiene and expiration: remote working requires good password hygiene with frequent updates. Consider extra authentication.
IoT devices: depending on the sensitivity of the work being carried out in a home environment, it’s important for employees to highlight what IoT devices they have and the potential risks they may pose.